Matrix doesn't actually define how one should do authentication though... every homeserver software is free to implement it however they want.
Matrix doesn't actually define how one should do authentication though... every homeserver software is free to implement it however they want.
the main bit of auth which was left unimplemented on matrix-workers was the critical logic which authorizes traffic over federation: https://spec.matrix.org/latest/server-server-api/#authorizat...
Auth for clients is also specified in the spec - there is some scope for homeservers to freestyle, but nowadays they have to implement OIDC: https://spec.matrix.org/latest/client-server-api/#client-aut...