| 18 Feb 2022 |
f0x | https://github.com/sandhose/matrix-doc/blob/sandhose/msc/refresh-token/proposals/2918-refreshtokens.md these are entirely opaque whereas the old (long) access tokens actually encoded the MXID | 23:57:27 |
f0x | so you would need to do an http request or database access to figure out who the token is for | 23:57:41 |
| 19 Feb 2022 |
hexa | In reply to @f0x:pixie.town ("we would also need some way of handling the load balancing considerations when having multiple sync or federationReceiver workers"): ideally yes, but until that is possible we should resort to a simpler measure, like hashing the src address of incoming requests | 01:07:27 |
f0x | oh that's pretty good actually | 01:08:17 |
hexa | also I think there was something proxy-adjacent linked recently, I think by sorunome? | 01:09:37 |
hexa | https://github.com/Sorunome/matrix-synchrotron-balancer | 01:09:43 |
hexa | though that looks dated? | 01:09:46 |
Dandellion | it's old and uses the trick with usernames in AS tokens IIRC | 01:09:59 |
hexa | so no good | 01:10:31 |
f0x | In reply to @dandellion:dodsorf.as ("it's old and uses the trick with usernames in AS tokens IIRC"): it does use a whoami request so should still work | 01:12:04 |
f0x | maybe other parts changed though | 01:12:33 |
f0x | using a hash of the authorization header could work too? | 01:12:52 |
Dandellion | huh you're right | 01:13:11 |
hexa | yeah, so how do you access that in nginx? | 01:16:07 |
f0x | $http_Authorization apparently | 01:17:51 |
hexa | neat | 01:17:58 |
hexa | so it's just hash $http_Authorization and we'd be good? | 01:18:30 |
f0x | i have no idea but it's worth a try :P | 01:18:55 |
hexa | so I wonder, you're saying that ideally we'd support both | 01:21:05 |
hexa | but what would you people actually be using if both were available? | 01:21:16 |
Dandellion | since the same data needs to be synced to all devices, currently it makes more sense to let the workers cache things by username and not device | 01:22:07 |
Dandellion | I don't think it actually matters for anything but the largest installations | 01:22:29 |
hexa | so we have two means to get the user, by IP or by Authorization header | 01:22:45 |
hexa | * so we have two means to get the device, by IP or by Authorization header | 01:22:53 |
f0x | In reply to @hexa:lossy.network ("but what would you people actually be using if both were available?"): the vast majority just needs some fixed worker types | 01:23:02 |
Dandellion | i'd use IP in that case | 01:23:02 |
hexa | but how would we generalize towards the user? | 01:23:04 |
f0x | to split the important parts into a few processes | 01:23:11 |
f0x | tbqh most people might not even need multiple of the difficult to load balance types | 01:23:52 |
hexa | anyway, if you have ideas for how to solve these problems, dump them into the document | 01:27:18 |