Skip to content
Zendrite logo Zendrite logo Zendrite

MSC Support

MSCs (Matrix Spec Changes) are proposals to extend or modify the Matrix protocol. This page tracks the implementation status of notable MSCs in Zendrite.

Many MSCs listed here have since been merged into the Matrix specification proper. They are listed by their original MSC number and the first spec version which includes them.

Sync

Section titled “Sync”
MSCTitleSpecStatus
MSC4186Simplified Sliding SyncN/AImplemented (native, no proxy needed)
MSC3575Sliding Sync (v1)N/AImplemented (legacy, superseded by MSC4186)

Messaging

Section titled “Messaging”
MSCTitleSpecStatus
MSC2675Serverside aggregations of message relationships1.3Implemented
MSC2676Message editing1.4Implemented
MSC2677Reactions1.7Implemented
MSC2836ThreadingN/AOpt-in (msc2836)
MSC2285Private read receipts1.4Implemented

Rooms & Spaces

Section titled “Rooms & Spaces”
MSCTitleSpecStatus
MSC1772Spaces1.2Implemented
MSC2946Spaces summary / room hierarchy1.2Implemented
MSC3083Restricted rooms (space-based membership)1.2Implemented
MSC2403Knocking1.1Implemented
MSC3266Room summary API1.15Implemented
MSC3765Rich text in room topics1.15Not implemented

Encryption & Security

Section titled “Encryption & Security”
MSCTitleSpecStatus
MSC3916Authenticated media1.11Implemented
MSC2732OLM fallback keys1.2Implemented
MSC3814Dehydrated devices v2N/AOpt-in (msc3814)
MSC4115Membership metadata on events1.11Opt-in (msc4115)

Federation

Section titled “Federation”
MSCTitleSpecStatus
MSC3706Partial state in /send_join (faster joins)1.6Implemented
MSC2444Peeking over federationN/AOpt-in (msc2444)
MSC2753Peeking via /syncN/AOpt-in (msc2753)

Authentication

Section titled “Authentication”
MSCTitleSpecStatus
MSC2918Refresh tokens1.3Implemented
MSC3861Next-gen auth (OIDC)1.15Opt-in (msc3861)

VoIP

Section titled “VoIP”
MSCTitleSpecStatus
MSC4143MatrixRTC transport discoveryN/AImplemented

Opt-in MSCs

Section titled “Opt-in MSCs”

The following MSCs are not enabled by default and must be activated in the mscs section of the config file:

mscs:
  mscs:
    - msc2836
    - msc2444
    - msc2753
    - msc3814
    - msc3861
    - msc4115

MSC3814: Dehydrated Devices v2

Section titled “MSC3814: Dehydrated Devices v2”

MSC3814 allows clients to store a “dehydrated” device on the server so that encrypted to-device messages (e.g. key shares) can be delivered while the user is offline. When the user signs in again, the client rehydrates the device and retrieves messages it missed.

What changes when MSC3814 is enabled:

  • PUT /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device — store a dehydrated device with its keys.
  • GET /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device — retrieve the current dehydrated device metadata.
  • DELETE /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device — remove the dehydrated device.
  • POST /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/{deviceID}/events — retrieve to-device events addressed to the dehydrated device.

Configuration:

mscs:
  mscs:
    - msc3814

No additional configuration is needed beyond enabling the MSC.

MSC3861: OIDC Delegated Authentication

Section titled “MSC3861: OIDC Delegated Authentication”

MSC3861 delegates authentication to an external OpenID Connect (OIDC) provider such as Matrix Authentication Service (MAS). When enabled, Zendrite validates access tokens via OAuth 2.0 token introspection instead of managing passwords directly.

What changes when MSC3861 is enabled:

  • Password-based registration and login are disabled.
  • GET /login returns only the m.login.sso flow.
  • POST /login, /register, /account/password, /account/deactivate, /logout, /logout/all, /delete_devices, and device modification endpoints return 403 M_FORBIDDEN.
  • /.well-known/matrix/client includes an m.authentication section with the OIDC issuer.
  • New users are auto-provisioned on first token introspection.

Configuration:

mscs:
  mscs:
    - msc3861
  msc3861:
    issuer: "https://auth.example.com/"
    client_id: "0000000000000000000ZENDRITE"
    client_secret: "secret"
    client_auth_method: "client_secret_basic"  # or "client_secret_post"
    admin_token: ""                            # optional: static token for admin API access
    account_management_url: ""                 # optional: URL for account management UI
    introspection_endpoint: ""                 # optional: defaults to {issuer}/oauth2/introspect
FieldRequiredDescription
issuerYesThe OIDC provider URL (e.g. your MAS instance).
client_idYesOAuth 2.0 client ID registered with the OIDC provider for introspection.
client_secretYesOAuth 2.0 client secret for introspection.
client_auth_methodNoAuthentication method: client_secret_basic (default) or client_secret_post.
admin_tokenNoA static bearer token that grants admin access, bypassing OIDC introspection. Useful for service-to-service calls.
account_management_urlNoURL where users can manage their account (shown in well-known response).
introspection_endpointNoOverride the introspection endpoint URL. Defaults to {issuer}/oauth2/introspect.