Skip to content

GET /_matrix/client/v3/profile/... states it do not require auth, but implementations can require auth #2254

New issue
New issue
Open
Open
GET /_matrix/client/v3/profile/... states it do not require auth, but implementations can require auth#2254
Labels
clarificationAn area where the expected behaviour is understood, but the spec could do with being more explicit
@Half-Shot

Description

@Half-Shot
Half-Shot
opened on Nov 26, 2025

Link to problem area:

https://spec.matrix.org/v1.16/client-server-api/#get_matrixclientv3profileuserid

Issue

The spec says mentions that authentication is not required for the endpoint, but Synapse for example may gate the endpoint behind auth.

This really makes a lot of sense. You may not want people to enumerate your user ids, nor do driveby requests for your profile data if you do not share a room. I think the spec should be clear that authentication may be required,

Metadata

Metadata

Assignees

No one assigned

    Labels

    clarificationAn area where the expected behaviour is understood, but the spec could do with being more explicit

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions