Merge branch 'main' into feat/login_hint_with_email

2025-08-18 09:05:00 +02:00
parent 78dc54133d 391ff74174
commit 620244a95c
7 changed files with 269 additions and 95 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3116,7 +3116,7 @@ dependencies = [

 [[package]]
 name = "mas-axum-utils"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "axum",
@@ -3150,7 +3150,7 @@ dependencies = [

 [[package]]
 name = "mas-cli"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "axum",
@@ -3224,7 +3224,7 @@ dependencies = [

 [[package]]
 name = "mas-config"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "camino",
@@ -3256,7 +3256,7 @@ dependencies = [

 [[package]]
 name = "mas-context"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "console",
 "opentelemetry",
@@ -3272,7 +3272,7 @@ dependencies = [

 [[package]]
 name = "mas-data-model"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "base64ct",
 "chrono",
@@ -3295,7 +3295,7 @@ dependencies = [

 [[package]]
 name = "mas-email"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "async-trait",
 "lettre",
@@ -3306,7 +3306,7 @@ dependencies = [

 [[package]]
 name = "mas-handlers"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "aide",
 "anyhow",
@@ -3386,7 +3386,7 @@ dependencies = [

 [[package]]
 name = "mas-http"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "futures-util",
 "headers",
@@ -3407,7 +3407,7 @@ dependencies = [

 [[package]]
 name = "mas-i18n"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "camino",
 "icu_calendar",
@@ -3429,7 +3429,7 @@ dependencies = [

 [[package]]
 name = "mas-i18n-scan"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "camino",
 "clap",
@@ -3443,7 +3443,7 @@ dependencies = [

 [[package]]
 name = "mas-iana"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "schemars 0.8.22",
 "serde",
@@ -3451,7 +3451,7 @@ dependencies = [

 [[package]]
 name = "mas-iana-codegen"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -3467,7 +3467,7 @@ dependencies = [

 [[package]]
 name = "mas-jose"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "base64ct",
 "chrono",
@@ -3497,7 +3497,7 @@ dependencies = [

 [[package]]
 name = "mas-keystore"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "aead",
 "base64ct",
@@ -3525,7 +3525,7 @@ dependencies = [

 [[package]]
 name = "mas-listener"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "bytes",
@@ -3550,7 +3550,7 @@ dependencies = [

 [[package]]
 name = "mas-matrix"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -3560,7 +3560,7 @@ dependencies = [

 [[package]]
 name = "mas-matrix-synapse"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -3577,7 +3577,7 @@ dependencies = [

 [[package]]
 name = "mas-oidc-client"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "assert_matches",
 "async-trait",
@@ -3613,7 +3613,7 @@ dependencies = [

 [[package]]
 name = "mas-policy"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "arc-swap",
@@ -3630,7 +3630,7 @@ dependencies = [

 [[package]]
 name = "mas-router"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "axum",
 "serde",
@@ -3641,7 +3641,7 @@ dependencies = [

 [[package]]
 name = "mas-spa"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "camino",
 "serde",
@@ -3650,7 +3650,7 @@ dependencies = [

 [[package]]
 name = "mas-storage"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "async-trait",
 "chrono",
@@ -3672,7 +3672,7 @@ dependencies = [

 [[package]]
 name = "mas-storage-pg"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "async-trait",
 "chrono",
@@ -3699,7 +3699,7 @@ dependencies = [

 [[package]]
 name = "mas-tasks"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -3731,7 +3731,7 @@ dependencies = [

 [[package]]
 name = "mas-templates"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "arc-swap",
@@ -3761,7 +3761,7 @@ dependencies = [

 [[package]]
 name = "mas-tower"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "http",
 "opentelemetry",
@@ -3842,6 +3842,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4e60ac08614cc09062820e51d5d94c2fce16b94ea4e5003bb81b99a95f84e876"
 dependencies = [
 "memo-map",
+ "percent-encoding",
 "self_cell",
 "serde",
 "serde_json",
@@ -4031,7 +4032,7 @@ dependencies = [

 [[package]]
 name = "oauth2-types"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "assert_matches",
 "base64ct",
@@ -5401,9 +5402,9 @@ dependencies = [

 [[package]]
 name = "sea-query"
-version = "0.32.6"
+version = "0.32.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64c91783d1514b99754fc6a4079081dcc2c587dadbff65c48c7f62297443536a"
+checksum = "8a5d1c518eaf5eda38e5773f902b26ab6d5e9e9e2bb2349ca6c64cf96f80448c"
 dependencies = [
 "chrono",
 "inherent",
@@ -5818,9 +5819,9 @@ checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d"

 [[package]]
 name = "slab"
-version = "0.4.10"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04dc19736151f35336d325007ac991178d504a119863a2fcb3758cdb5e52c50d"
+checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"

 [[package]]
 name = "smallvec"
@@ -6167,7 +6168,7 @@ dependencies = [

 [[package]]
 name = "syn2mas"
-version = "1.0.0-rc.0"
+version = "1.0.0"
 dependencies = [
 "anyhow",
 "arc-swap",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ members = ["crates/*"]
 resolver = "2"

 # Updated in the CI with a `sed` command
-package.version = "1.0.0-rc.0"
+package.version = "1.0.0"
 package.license = "AGPL-3.0-only OR LicenseRef-Element-Commercial"
 package.authors = ["Element Backend Team"]
 package.edition = "2024"
@@ -34,35 +34,35 @@ broken_intra_doc_links = "deny"
 [workspace.dependencies]

 # Workspace crates
-mas-axum-utils = { path = "./crates/axum-utils/", version = "=1.0.0-rc.0" }
-mas-cli = { path = "./crates/cli/", version = "=1.0.0-rc.0" }
-mas-config = { path = "./crates/config/", version = "=1.0.0-rc.0" }
-mas-context = { path = "./crates/context/", version = "=1.0.0-rc.0" }
-mas-data-model = { path = "./crates/data-model/", version = "=1.0.0-rc.0" }
-mas-email = { path = "./crates/email/", version = "=1.0.0-rc.0" }
-mas-graphql = { path = "./crates/graphql/", version = "=1.0.0-rc.0" }
-mas-handlers = { path = "./crates/handlers/", version = "=1.0.0-rc.0" }
-mas-http = { path = "./crates/http/", version = "=1.0.0-rc.0" }
-mas-i18n = { path = "./crates/i18n/", version = "=1.0.0-rc.0" }
-mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=1.0.0-rc.0" }
-mas-iana = { path = "./crates/iana/", version = "=1.0.0-rc.0" }
-mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=1.0.0-rc.0" }
-mas-jose = { path = "./crates/jose/", version = "=1.0.0-rc.0" }
-mas-keystore = { path = "./crates/keystore/", version = "=1.0.0-rc.0" }
-mas-listener = { path = "./crates/listener/", version = "=1.0.0-rc.0" }
-mas-matrix = { path = "./crates/matrix/", version = "=1.0.0-rc.0" }
-mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=1.0.0-rc.0" }
-mas-oidc-client = { path = "./crates/oidc-client/", version = "=1.0.0-rc.0" }
-mas-policy = { path = "./crates/policy/", version = "=1.0.0-rc.0" }
-mas-router = { path = "./crates/router/", version = "=1.0.0-rc.0" }
-mas-spa = { path = "./crates/spa/", version = "=1.0.0-rc.0" }
-mas-storage = { path = "./crates/storage/", version = "=1.0.0-rc.0" }
-mas-storage-pg = { path = "./crates/storage-pg/", version = "=1.0.0-rc.0" }
-mas-tasks = { path = "./crates/tasks/", version = "=1.0.0-rc.0" }
-mas-templates = { path = "./crates/templates/", version = "=1.0.0-rc.0" }
-mas-tower = { path = "./crates/tower/", version = "=1.0.0-rc.0" }
-oauth2-types = { path = "./crates/oauth2-types/", version = "=1.0.0-rc.0" }
-syn2mas = { path = "./crates/syn2mas", version = "=1.0.0-rc.0" }
+mas-axum-utils = { path = "./crates/axum-utils/", version = "=1.0.0" }
+mas-cli = { path = "./crates/cli/", version = "=1.0.0" }
+mas-config = { path = "./crates/config/", version = "=1.0.0" }
+mas-context = { path = "./crates/context/", version = "=1.0.0" }
+mas-data-model = { path = "./crates/data-model/", version = "=1.0.0" }
+mas-email = { path = "./crates/email/", version = "=1.0.0" }
+mas-graphql = { path = "./crates/graphql/", version = "=1.0.0" }
+mas-handlers = { path = "./crates/handlers/", version = "=1.0.0" }
+mas-http = { path = "./crates/http/", version = "=1.0.0" }
+mas-i18n = { path = "./crates/i18n/", version = "=1.0.0" }
+mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=1.0.0" }
+mas-iana = { path = "./crates/iana/", version = "=1.0.0" }
+mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=1.0.0" }
+mas-jose = { path = "./crates/jose/", version = "=1.0.0" }
+mas-keystore = { path = "./crates/keystore/", version = "=1.0.0" }
+mas-listener = { path = "./crates/listener/", version = "=1.0.0" }
+mas-matrix = { path = "./crates/matrix/", version = "=1.0.0" }
+mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=1.0.0" }
+mas-oidc-client = { path = "./crates/oidc-client/", version = "=1.0.0" }
+mas-policy = { path = "./crates/policy/", version = "=1.0.0" }
+mas-router = { path = "./crates/router/", version = "=1.0.0" }
+mas-spa = { path = "./crates/spa/", version = "=1.0.0" }
+mas-storage = { path = "./crates/storage/", version = "=1.0.0" }
+mas-storage-pg = { path = "./crates/storage-pg/", version = "=1.0.0" }
+mas-tasks = { path = "./crates/tasks/", version = "=1.0.0" }
+mas-templates = { path = "./crates/templates/", version = "=1.0.0" }
+mas-tower = { path = "./crates/tower/", version = "=1.0.0" }
+oauth2-types = { path = "./crates/oauth2-types/", version = "=1.0.0" }
+syn2mas = { path = "./crates/syn2mas", version = "=1.0.0" }

 # OpenAPI schema generation and validation
 [workspace.dependencies.aide]
@@ -379,7 +379,7 @@ version = "0.3.17"
 # Templates
 [workspace.dependencies.minijinja]
 version = "2.11.0"
-features = ["loader", "json", "speedups", "unstable_machinery"]
+features = ["urlencode", "loader", "json", "speedups", "unstable_machinery"]

 # Additional filters for minijinja
 [workspace.dependencies.minijinja-contrib]
@@ -557,7 +557,7 @@ features = ["std"]

 # Query builder
 [workspace.dependencies.sea-query]
-version = "0.32.6"
+version = "0.32.7"
 features = ["derive", "attr", "with-uuid", "with-chrono", "postgres-array"]

 # Query builder
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -21,6 +21,7 @@
 - [Policy engine](./topics/policy.md)
 - [Authorization and sessions](./topics/authorization.md)
 - [Use the Admin API](./topics/admin-api.md)
+- [Get an access token](./topics/access-token.md)

 # Reference

--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@@ -814,6 +814,37 @@ upstream_oauth2:
          #template: "@{{ user.preferred_username }}"
 ```

+## `branding`
+
+Configuration section for tweaking the branding of the service.
+
+```yaml
+branding:
+  # A human-readable name. Defaults to the server's address.
+  #service_name:
+
+  # Link to a privacy policy, displayed in the footer of web pages and
+  # emails. It is also advertised to clients through the `op_policy_uri`
+  # OIDC provider metadata.
+  #policy_uri:
+
+  # Link to a terms of service document, displayed in the footer of web
+  # pages and emails. It is also advertised to clients through the
+  # `op_tos_uri` OIDC provider metadata.
+  #
+  # This also adds a mandatory checkbox during registration. The value of
+  # this config item will be stored in the `user_terms` table to indicate
+  # which ToS document the user accepted. Note that currently changing this
+  # value will not force existing users to re-accept terms.
+  #tos_uri:
+
+  # Legal imprint, displayed in the footer in the footer of web pages and emails.
+  #imprint:
+
+  # Logo displayed in some web pages.
+  #logo_uri:
+```
+
 ## `experimental`

 Settings that may change or be removed in future versions.
--- a/docs/topics/access-token.md
+++ b/docs/topics/access-token.md
@@ -0,0 +1,31 @@
+# Get an access token
+
+The [Matrix Authentication Service repository contains a simple shell script](https://github.com/element-hq/matrix-authentication-service/blob/main/misc/device-code-grant.sh) to get interatively get an access token with arbitrary scopes.
+It requires `sh`, `jq` and `curl` to be installed.
+This can be run from anywhere, not necessarily from the host where MAS is running.
+
+```sh
+sh ./misc/device-code-grant.sh [synapse-url] <scope>...
+```
+
+This will prompt you to open a URL in your browser, finish the authentication flow, and print the access token.
+
+This can be used to get access to the MAS admin API:
+
+```sh
+sh ./misc/device-code-grant.sh https://synapse.example.com/ urn:mas:admin
+```
+
+Or to the Synapse admin API:
+
+```sh
+sh ./misc/device-code-grant.sh https://synapse.example.com/ urn:matrix:org.matrix.msc2967.client:api:* urn:synapse:admin:*
+```
+
+Or even both at the same time:
+
+```sh
+sh ./misc/device-code-grant.sh https://synapse.example.com/ urn:matrix:org.matrix.msc2967.client:api:* urn:mas:admin urn:synapse:admin:*
+```
+
+Note that the token will be valid for a short time (5 minutes by default) and needs to be revoked manually from the MAS user interface.
--- a/frontend/.storybook/locales.ts
+++ b/frontend/.storybook/locales.ts
@@ -27,7 +27,7 @@ export type LocalazyMetadata = {
 };
             
 const localazyMetadata: LocalazyMetadata = {
-  projectUrl: "https://localazy.com/p/matrix-authentication-service",
+  projectUrl: "https://localazy.com/p/matrix-authentication-service!v1.0",
  baseLocale: "en",
  languages: [
    {
@@ -172,21 +172,21 @@ const localazyMetadata: LocalazyMetadata = {
      file: "frontend.json",
      path: "",
      cdnFiles: {
-        "cs": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/cs/frontend.json",
-        "da": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/da/frontend.json",
-        "de": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/de/frontend.json",
-        "en": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/en/frontend.json",
-        "et": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/et/frontend.json",
-        "fi": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/fi/frontend.json",
-        "fr": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/fr/frontend.json",
-        "hu": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/hu/frontend.json",
-        "nb_NO": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/nb-NO/frontend.json",
-        "nl": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/nl/frontend.json",
-        "pt": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/pt/frontend.json",
-        "ru": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/ru/frontend.json",
-        "sv": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/sv/frontend.json",
-        "uk": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/uk/frontend.json",
-        "zh#Hans": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/zh-Hans/frontend.json"
+        "cs": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/cs/frontend.json",
+        "da": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/da/frontend.json",
+        "de": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/de/frontend.json",
+        "en": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/en/frontend.json",
+        "et": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/et/frontend.json",
+        "fi": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/fi/frontend.json",
+        "fr": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/fr/frontend.json",
+        "hu": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/hu/frontend.json",
+        "nb_NO": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/nb-NO/frontend.json",
+        "nl": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/nl/frontend.json",
+        "pt": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/pt/frontend.json",
+        "ru": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/ru/frontend.json",
+        "sv": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/sv/frontend.json",
+        "uk": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/uk/frontend.json",
+        "zh#Hans": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/7c203a8ac8bd48c3c4609a8effcd0fbac430f9b2/zh-Hans/frontend.json"
      }
    },
    {
@@ -194,21 +194,21 @@ const localazyMetadata: LocalazyMetadata = {
      file: "file.json",
      path: "",
      cdnFiles: {
-        "cs": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/cs/file.json",
-        "da": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/da/file.json",
-        "de": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/de/file.json",
-        "en": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/en/file.json",
-        "et": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/et/file.json",
-        "fi": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/fi/file.json",
-        "fr": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/fr/file.json",
-        "hu": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/hu/file.json",
-        "nb_NO": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/nb-NO/file.json",
-        "nl": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/nl/file.json",
-        "pt": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/pt/file.json",
-        "ru": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/ru/file.json",
-        "sv": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/sv/file.json",
-        "uk": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/uk/file.json",
-        "zh#Hans": "https://delivery.localazy.com/_a7686032324574572744739e0707/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/zh-Hans/file.json"
+        "cs": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/cs/file.json",
+        "da": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/da/file.json",
+        "de": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/de/file.json",
+        "en": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/en/file.json",
+        "et": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/et/file.json",
+        "fi": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/fi/file.json",
+        "fr": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/fr/file.json",
+        "hu": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/hu/file.json",
+        "nb_NO": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/nb-NO/file.json",
+        "nl": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/nl/file.json",
+        "pt": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/pt/file.json",
+        "ru": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/ru/file.json",
+        "sv": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/sv/file.json",
+        "uk": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/uk/file.json",
+        "zh#Hans": "https://delivery.localazy.com/_a6852319594175263500b59d766a/_e0/5b69b0350dccfd47c245a5d41c1b9fdf6912cc6e/zh-Hans/file.json"
      }
    }
  ]
--- a/misc/device-code-grant.sh
+++ b/misc/device-code-grant.sh
@@ -0,0 +1,110 @@
+#!/bin/sh
+
+set -eu
+
+usage() {
+  echo "$0 [synapse-url] <scope>..." >&2
+  exit 1
+}
+
+req() {
+  METHOD="$1"
+  shift
+  URL="$1"
+  shift
+  printf "> %4s %s\n" "$METHOD" "$URL" >&2
+  curl -sL --fail-with-body -o- -H 'Accept: application/json' -X "$METHOD" "$@" "$URL"
+}
+
+if [ "$#" -eq "0" ]; then
+  usage
+fi
+
+CS_API="${1%/}"
+shift
+
+if [ -z "$*" ]; then
+  SCOPE="urn:matrix:org.matrix.msc2967.client:api:*"
+else
+  SCOPE="$*"
+fi
+
+
+echo "Discovering the homeserver endpoints"
+METADATA="$(req GET "${CS_API}/_matrix/client/unstable/org.matrix.msc2965/auth_metadata")"
+DEVICE_AUTHORIZATION_ENDPOINT="$(echo "$METADATA" | jq -r '.device_authorization_endpoint')"
+TOKEN_ENDPOINT="$(echo "$METADATA" | jq -r '.token_endpoint')"
+REGISTRATION_ENDPOINT="$(echo "$METADATA" | jq -r '.registration_endpoint')"
+
+echo "Registering the client"
+# Note that the client_uri is only used as an identifier, MAS will not try to contact this URI
+RESP="$(
+  req POST "${REGISTRATION_ENDPOINT}" \
+    -H 'Content-Type: application/json' \
+    -d @- <<EOF
+{
+  "client_name": "CLI tool",
+  "client_uri": "https://github.com/element-hq/matrix-authentication-service/",
+  "grant_types": ["urn:ietf:params:oauth:grant-type:device_code"],
+  "application_type": "native",
+  "token_endpoint_auth_method": "none"
+}
+EOF
+)"
+
+CLIENT_ID="$(echo "$RESP" | jq -r '.client_id')"
+
+DEVICE_GRANT="$(
+  req POST "${DEVICE_AUTHORIZATION_ENDPOINT}" \
+    --data-urlencode "client_id=${CLIENT_ID}" \
+    --data-urlencode "scope=${SCOPE}"
+)"
+
+cat - <<EOF
+-----------------------
+            Homeserver: ${CS_API}
+ Registration endpoint: ${REGISTRATION_ENDPOINT}
+  Device auth endpoint: ${DEVICE_AUTHORIZATION_ENDPOINT}
+        Token endpoint: ${TOKEN_ENDPOINT}
+             Client ID: ${CLIENT_ID}
+                 Scope: ${SCOPE}
+-----------------------
+EOF
+
+echo
+echo "Open the following URL in your browser:"
+echo "$DEVICE_GRANT" | jq -r ".verification_uri_complete"
+echo
+
+# If we have qrencode
+if command -v qrencode 2>/dev/null; then
+  echo "$DEVICE_GRANT" | jq -r ".verification_uri_complete" | qrencode -t ANSI256UTF8
+  echo
+fi
+
+echo "Alternatively, go to $(echo "$DEVICE_GRANT" | jq -r ".verification_uri") and enter the code $(echo "$DEVICE_GRANT" | jq -r ".user_code")"
+echo
+echo -----------------------
+echo
+
+DEVICE_CODE="$(echo "$DEVICE_GRANT" | jq -r ".device_code")"
+INTERVAL="$(echo "$DEVICE_GRANT" | jq -r ".interval")"
+
+while true; do
+  DEVICE_RESP="$(
+    req POST "${TOKEN_ENDPOINT}" \
+      --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
+      --data-urlencode "device_code=${DEVICE_CODE}" \
+      --data-urlencode "client_id=${CLIENT_ID}" || true
+  )"
+  if [ "$(echo "$DEVICE_RESP" | jq -r ".error")" = "authorization_pending" ]; then
+    echo "Waiting for authorization"
+    sleep "${INTERVAL}"
+  else
+    break
+  fi
+done
+
+echo "$DEVICE_RESP" | jq .
+
+exit 0