MSCs (Matrix Spec Changes) are proposals to extend or modify the Matrix protocol.
This page tracks the implementation status of notable MSCs in Zendrite.
Many MSCs listed here have since been merged into the Matrix specification proper.
They are listed by their original MSC number for reference.
| MSC | Title | Status |
|---|
| MSC4186 | Simplified Sliding Sync | Implemented (native, no proxy needed) |
| MSC3575 | Sliding Sync (v1) | Implemented (legacy, superseded by MSC4186) |
| MSC | Title | Status |
|---|
| MSC2675 | Serverside aggregations of message relationships | Implemented |
| MSC2676 | Message editing | Implemented |
| MSC2677 | Reactions | Implemented |
| MSC2836 | Threading | Opt-in (msc2836) |
| MSC2285 | Private read receipts | Implemented |
| MSC | Title | Status |
|---|
| MSC1772 | Spaces | Implemented |
| MSC2946 | Spaces summary / room hierarchy | Implemented |
| MSC3083 | Restricted rooms (space-based membership) | Implemented |
| MSC2403 | Knocking | Implemented |
| MSC3266 | Room summary API | Implemented |
| MSC3765 | Rich text in room topics | Not implemented |
| MSC | Title | Status |
|---|
| MSC3916 | Authenticated media | Implemented |
| MSC2732 | OLM fallback keys | Implemented |
| MSC4115 | Membership metadata on events | Opt-in (msc4115) |
| MSC | Title | Status |
|---|
| MSC3706 | Partial state in /send_join (faster joins) | Implemented |
| MSC2444 | Peeking over federation | Opt-in (msc2444) |
| MSC2753 | Peeking via /sync | Opt-in (msc2753) |
| MSC | Title | Status |
|---|
| MSC2918 | Refresh tokens | Implemented |
| MSC3861 | Next-gen auth (OIDC) | Opt-in (msc3861) |
| MSC | Title | Status |
|---|
| MSC4143 | MatrixRTC | Not implemented |
The following MSCs are not enabled by default and must be activated in the mscs section of the config file:
mscs:
mscs:
- msc2836
- msc2444
- msc2753
- msc3861
- msc4115
MSC3861 delegates authentication to an external OpenID Connect (OIDC) provider such as Matrix Authentication Service (MAS).
When enabled, Zendrite validates access tokens via OAuth 2.0 token introspection instead of managing passwords directly.
What changes when MSC3861 is enabled:
- Password-based registration and login are disabled.
GET /login returns only the m.login.sso flow.POST /login, /register, /account/password, /account/deactivate, /logout, /logout/all, /delete_devices, and device modification endpoints return 403 M_FORBIDDEN./.well-known/matrix/client includes an m.authentication section with the OIDC issuer.- New users are auto-provisioned on first token introspection.
Configuration:
mscs:
mscs:
- msc3861
msc3861:
issuer: "https://auth.example.com/"
client_id: "0000000000000000000DENDRITE"
client_secret: "secret"
client_auth_method: "client_secret_basic" # or "client_secret_post"
admin_token: "" # optional: static token for admin API access
account_management_url: "" # optional: URL for account management UI
introspection_endpoint: "" # optional: defaults to {issuer}/oauth2/introspect
| Field | Required | Description |
|---|
issuer | Yes | The OIDC provider URL (e.g. your MAS instance). |
client_id | Yes | OAuth 2.0 client ID registered with the OIDC provider for introspection. |
client_secret | Yes | OAuth 2.0 client secret for introspection. |
client_auth_method | No | Authentication method: client_secret_basic (default) or client_secret_post. |
admin_token | No | A static bearer token that grants admin access, bypassing OIDC introspection. Useful for service-to-service calls. |
account_management_url | No | URL where users can manage their account (shown in well-known response). |
introspection_endpoint | No | Override the introspection endpoint URL. Defaults to {issuer}/oauth2/introspect. |