Element-web: riot uses unstable APIs

Created on 18 Oct 2017  ·  12 Comments  ·  Source: vector-im/element-web

There are a whole bunch of places in the js-sdk which call APIs under the /unstable/ prefix; these are in turn used by riot-web. The ENTIRE POINT of unstable is to denote APIs which you can't rely on because they might change.

So WTF are we doing using them in released versions of riot?

bug maintenance p1 major 🔥 Fire 🔥

All 12 comments

This should be considered a release-blocker imho

Currently there are some endpoints that are not exposed by synapse on /r0/ but on /unstable/ only.
This issue is blocked on that missing ability.

yup. could you clarify what they are?

Here's a list of things known to be using the /unstable prefix in the js-sdk:

  • /login/cas/redirect (getCasLoginUrl)
  • /account/deactivate
  • /account/3pid/delete
  • /devices
  • /devices/$device_id (PUT and DELETE)
  • /keys/upload/$deviceId
  • /keys/query
  • /keys/claim
  • /keys/changes
  • /sendToDevice/$eventType/$txnId
  • /thirdparty/protocols
  • /thirdparty/location/$protocol

It looks like APIs that are in synapse unstable but not r0 are:

  • /account/3pid/delete
  • /login/saml2
  • /login/cas/redirect
  • /login/cas/ticket
  • /createUser

In other words, I think the answer to the question above is the CAS endpoints and 3pid deletion.

> In other words, I think the answer to the question above is the CAS endpoints and 3pid deletion.

This is only true as of https://github.com/matrix-org/synapse/pull/2579 (which has not yet been released). Before that I think that all of the things in the top list (except possibly /account/deactivate ?) were unstable-only.

If supporting old versions of riot is something we've committed to do, then releasing versions of riot dependent on unstable APIs effectively commits us to supporting those unstable APIs in their current shape (rendering them stable by accident and not by choice).

Which is obviously terrible.

But, if we have already released those versions of Riot, then I don't see the particular need to block 0.14 on this issue. Certainly it's a high priority technical debt maintenance item that needs to be resolved, and certainly each released version of Riot with these dependencies only makes the number of human users dependent on those unstable APIs greater which is undoubtedly a BadThing.

But since this problem wouldn't be _resolved_ by simply fixing our /unstable dependencies in 0.14, I'm going to bias towards this _not_ being a release-blocker for 0.14. I will moot it for consideration in 0.15, though.

@richvdh I hope that makes sense - if you want to fist fight me on this we can schedule some time tomorrow :stuck_out_tongue:

fine, but continuing to punt it will result in toy-throwing tantrums.

It also uses /media/v1 for some of the media apis, which is also incorrect.

Be warned that my toys are nearing the edge of the pram again.

I think I might drop support for the unstable prefix in the next version of synapse. These APIs are unstable, so I can do that, right?

@lampholder can we get this on the radar for after riot 1.0 please?

/me has made a note

https://github.com/matrix-org/matrix-js-sdk/pull/990 for the people who have a vested interest in Riot behaving itself as an API user.
