Creating an account and access token for Draupnir
To deactivate users, move aliases, and shutdown rooms, Draupnir will need to be a server admin. These features are only supported on Synapse.
While Draupnir can be run on a rate limited account without issue. We recommend disabling rate limiting if the option is available to you. After you have created your account, you can see how to manage rate limiting here.
Pre-requisites
This page is going to tell you how to:
- Create a fresh Matrix account for your Draupnir bot to use, optionally with server admin capabilities.
- Create an access token for your bot to use to access the Matrix account.
Which is an opaque string that you will paste into your
config file under the
accessTokenkey (or via the--access-token-pathoption). - Optionally disable rate limits for the account.
- Optionally turn an existing Synapse account into a synapse admin account.
Creating an account
Synapse
To create a new server admin account, you can use Synapse's
register_new_matrix_user command. See the Synapse documentation for the
admin api.
If you are using MAS (Element's matrix-authentication-service), see how to register users using the mas-cli.
Once you have created an account proceed to creating a token.
Dendrite
Please see the dendrite documentation for the create-account command
here.
Other or no server admin access
Proceed to creating an account or logging in with Element.
Creating a token (all homeservers)
Creating a token with access to mas-cli
If you are deployed against a homeserver using MAS, but without access to the mas-cli, you will need to follow the instructions for creating a token with curl.
If you are using MAS, and you are a homeserver administrator, you will then need
to create a token for Draupnir using mas-cli.
mas-cli manage issue-compatibility-token --yes-i-want-to-grant-synapse-admin-privileges <username>1mas-cli manage provision-all-users2
Note that these two command require an existing account.
Creating an account or logging in with Element
You should create an account or login by opening Element in a separate browser profile or incognito tab and registering an account for the bot.
Getting a token from Element web
Do not copy the access token from Element web if your homeserver is using MAS (matrix-authentication-service). This includes bots deployed against matrix.org. Instead, you should use curl (see below). This is because the token Element web provisions expires very quickly. You can still register the user with Element however.
If your Draupnir is not configured to use Encryption, you can then, go to "All
Settings", "Help & About", and click the little triangle next to "Access token".
Copy and paste that into your config file under the
accessToken key.
Do not log out, just close the window, otherwise the access token will be invalidated.
If you have presence enabled on your homeserver, do not keep the window open or use the same session to login to the Draupnir account as this will cause you to accidentally trigger a bug in Synapse or Element web that will flood presence updates.
Getting a token with curl (MAS and Encryption friendly)
To get an access token with curl, you will need three pieces of information.
- The base url for client-server connections.
- Your draupnir user id localpart.
- Your draupnir user password.
Finding the base url
To find the base url for your homeserver, you will need to visit
https://example.com/.well-known/matrix/client in your browser or with curl:
curl https://example.com/.well-known/matrix/client. You should see some JSON
like this in response:
{
"m.homeserver": {
"base_url": "https://matrix-client.example.com"
}
}
The base_url under m.homeserver is your client-server base_url.
Finding the draupnir user id localpart
If your draupnir user matrix identifier is @draupnir:example.com the localpart
will be draupnir.
Fetching the access token
To create the access token replace DRAUPNIR_LOCALPART, DRAUPNIR_USER_PASSWORD, and CLIENT_BASE_URL with the information gathered prior.
curl -XPOST -d '{
"identifier": { "type": "m.id.user", "user": "DRAUPNIR_LOCALPART" },
"password": "DRAUPNIR_USER_PASSWORD",
"type": "m.login.password",
}' 'CLIENT_BASE_URL/_matrix/client/r0/login'
So that it should look like this:
curl -XPOST -d '{
"identifier": { "type": "m.id.user", "user": "draupnir" },
"password": "********",
"type": "m.login.password",
}' 'https://matrix-client.example.com/_matrix/client/r0/login'
You should get a response containing your access token.
Disabling rate limiting
By default, Draupnir will be rate limited by homeservers, which can inhibit Draupnir's ability to respond in some scenarios, particularly while redacting lots of messages.
It's therefore recommended to turn off ratelimiting for a draupnir bot, see
the synapse admin API documentation
for more information. For Dendrite this is configured in
dendrite.yaml
by adding exempt_user_ids: under rate_limiting:.
Making Draupnir a Synapse Admin
If you registered a new account, please see the Synapse documentation for how to make an existing account a Synapse admin here.
Footnotes
-
You can find more about it in the official documentation at https://element-hq.github.io/matrix-authentication-service/reference/cli/manage.html#manage-issue-compatibility-token ↩
-
This ensures that synapse is aware of the user's new device. Otherwise synapse will reject requests. Check upstream for more information ↩