On Monday 7th of April 2025 at 7am UTC, we will migrate the Matrix.org homeserver's authentication system over to MAS (Matrix Authentication Service) in order to benefit from Next-generation authentication.

The migration will involve up to one hour of downtime.

MSC3861 (Next-generation auth for Matrix, based on OAuth 2.0/OpenID Connect (OIDC)) and its dependent MSCs have progressed sufficiently that the Foundation is confident in MAS and the new next-generation auth APIs. Specifically, all the MSCs are now in or have passed Final Comment Period (FCP) with disposition to merge! πŸŽ‰

We expect the MSCs to finish FCP and get merged into the next spec release. The full list of core Next-gen Auth MSCs is:

This is incredibly exciting, reflecting 4 years of work on next-generation auth, and brings with it a new account management interface, additional security, and a better registration experience.

πŸ”—The account management interface

You will be able to manage your account on a dedicated interface at account.matrix.org (accessible through your client or browser), where you can:

  • See and delete your devices.
  • Update your contact information, like your email address.
  • Change your password and deactivate your account.
The new device overview in MAS

The new device overview in MAS

πŸ”—Improved security

MAS comes with a significant refactoring of how authentication works on Matrix. Without breaking compatibility with the former authentication API, it brings several benefits

  • Now, only your server will be able to see your account credentials! No more typing your password in every client you’d like to log in to.
  • Restricted access to sensitive operations, like deactivating your account.
  • Clearer view of which clients are using your account.
An example of the scope request view of MAS showing Element requesting permissions to see the profile, view existing messages and data and sending messages on your behalf.

An example of the scope request view of MAS showing Element requesting permissions to see the profile, view existing messages and data and sending messages on your behalf.

πŸ”—Improved registration experience

Regardless of the client you use, the new registration and login experience makes it clear where your account lives, and it supports next-generation clients like Element X.

The new Registration Dialog for MAS showing an input field for a username and various social logins

The new Registration Dialog for MAS showing an input field for a username and various social logins

πŸ”—Impact

Your current sessions will remain active after the migration has taken effect. In other words, you will not be logged out of your clients.

We’re providing backwards compatibility for existing Matrix clients - this does not remove the stable pre-Matrix 2.0 APIs. You can read more about the impact on clients in our previously published blog article - Authentication changes on Matrix.org.

πŸ”—This is only the beginning!

Matrix Authentication Service is Matrix's next-generation authentication stack. Together with the next-generation authentication APIs, it is the base of a new exciting era for authentication in Matrix!

This has been one of the most ambitious projects within the Matrix project, the result of a multi-year investment by Element, funded in turn by Element’s customers, including BWI.

It will enable new forms of authentication flows, like QR-code login (coming soon to matrix.org with MSC4108), and new categories of applications building on Matrix, thanks to fine-grained control over client access to the account.

You can find all the technical details in Quentin's Matrix Conference talk, Harder Better Faster Stronger Authentication with OpenID Connect.

Finally, if you have any concerns, please come talk to us in #matrix-auth:matrix.org

The Foundation needs you

The Matrix.org Foundation is a non-profit and only relies on donations to operate. Its core mission is to maintain the Matrix Specification, but it does much more than that.

It maintains the matrix.org homeserver and hosts several bridges for free. It fights for our collective rights to digital privacy and dignity.

Support us