🚀 Towards Matrix 2.0 – MatrixRTC-Authorisation Service
This release brings major foundational work towards MSC4195: MatrixRTC Transport, introduces the new /get_token endpoint, improves validation and error-handling, and enhances deployment flexibility with improved bind controls.
✨ What's New
Implementation of MSC4195: MatrixRTC Transport using LiveKit Backend
This release introduces the new MSC4195-compliant request flow and /get_token endpoint, while keeping /get/sfu available for a transition period.
Key changes:
- Added unified error handling via
writeMatrixError. - Introduced new Matrix 2.0
SFURequesttype, alongsideLegacySFURequest. - Refactored internal functions for better testability and structure.
- Added extensive new tests across request mapping, processing, and JSON handling.
- Updated logging, error codes, and user-identity checks.
🔌 Allow Binding of Arbitrary Addresses
This release improves deployment flexibility by allowing the service to bind to any or a specific address.
Features & Fixes
- feat: Introduced support for binding to arbitrary addresses.
Contributed by @matdup - fix: Documentation updated for environment variable changes.
- feat: Reintroduced
LIVEKIT_JWT_PORTfor backward compatibility.- Now mutually exclusive with
LIVEKIT_JWT_BIND. - Emits a warning when used.
- Now mutually exclusive with
- feat: Enforced mutual exclusivity between
LIVEKIT_JWT_BINDandLIVEKIT_JWT_PORT.
⚙️ Configuration
Environment Variables
| Variable | Description |
|---|---|
LIVEKIT_JWT_BIND
| Binds the service to a specific host:port (new preferred method). Defaults to :8080
|
LIVEKIT_JWT_PORT
| Deprecated but still supported. Mutually exclusive with LIVEKIT_JWT_BIND.
|
Endpoint Changes
| Endpoint | Status | Notes |
|---|---|---|
/get_token
| New (Primary) | Conforms to MSC4195. |
/get/sfu
| Legacy (Transitional) | Auto-maps request types; will be removed in a future release. |
🤝 Client Compatibility
- Legacy MatrixRTC clients continue functioning via
/get/sfu. - MSC4195-aware clients should migrate to
/get_token. - Both request formats remain supported during the transition.
- Stricter validation may require client-side updates:
- Correct request field shapes
- Accurate user identity claims (
claimed_user_idvs OpenIDsub)
Docker image
The service is available as a Docker image from the GitHub Container Registry.
docker pull ghcr.io/element-hq/lk-jwt-service:0.4.0
Precompiled binaries
The service is available as static precompiled binaries for amd64 and arm64 on linux attached to this release below.
What's Changed
- ci: add static go releases for linux arm64 and amd64 by @csett86 in #111
- fix(deps): update github.com/matrix-org/gomatrixserverlib digest to a234d6d by @renovate[bot] in #113
- chore(deps): update dependency go to v1.24.5 by @renovate[bot] in #114
- refactor README.md by @fkwp in #115
- feat: allow binding of arbitrary addresses by @MatthieuCoder in #118
- fix(deps): update github.com/matrix-org/gomatrixserverlib digest to 6697d93 by @renovate[bot] in #120
- chore(deps): update dependency go to v1.25.3 by @renovate[bot] in #121
- Refactor config parsing by @fkwp in #125
- fix(deps): update module github.com/golang-jwt/jwt/v5 to v5.3.0 by @renovate[bot] in #127
- chore(deps): update github actions by @renovate[bot] in #126
- Implementation of MSC4195: MatrixRTC Transport using LiveKit Backend by @fkwp in #128
- fix: add
expires_infield toOpenIDTokenTypeby @fkwp in #130
New Contributors
- @csett86 made their first contribution in #111
- @MatthieuCoder made their first contribution in #118
Full Changelog: v0.3.0...v0.4.0