element-hq · benbz · May 5, 2026 · May 5, 2026 · May 5, 2026 · May 5, 2026
@@ -0,0 +1 @@
+Document the paths that can be handled on workers with stabilised delegated authentication.
@@ -0,0 +1 @@
+Improve documentation around endpoints that can be enabled with MSC3861.
@@ -290,6 +290,9 @@ information.
     # Unstable MSC4140 support
     ^/_matrix/client/unstable/org.matrix.msc4140/delayed_events(/.*/restart)?$
 
+    # Stabilised Delegated Authentication support (`matrix_authentication_service.enabled: true`)
+    ^/_synapse/mas/
+
 Additionally, the following REST endpoints can be handled for GET requests:
 
     # Push rules requests
@@ -314,7 +317,7 @@ for the room are in flight:
 
 Additionally, the following endpoints should be included if Synapse is configured
 to use SSO (you only need to include the ones for whichever SSO provider you're
-using):
+using) and delegated authentication isn't enabled:
 
     # for all SSO providers
     ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect
@@ -343,7 +346,11 @@ set to `true`), the following endpoints can be handled by the worker:
     ^/_synapse/admin/v2/users/[^/]+$
     ^/_synapse/admin/v1/username_available$
     ^/_synapse/admin/v1/users/[^/]+/_allow_cross_signing_replacement_without_uia$
-    ^/_synapse/admin/v1/users/[^/]+/devices$
+    ^/_synapse/admin/v2/users/[^/]+/devices(/|$)
+
+Do note that these endpoints can't be handled by workers if the stabilised delegated
+authentication support is enabled (`matrix_authentication_service.enabled` set to
+`true`).
 
 Note that a [HTTP listener](usage/configuration/config_documentation.md#listeners)
 with `client` and `federation` `resources` must be configured in the
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Document the paths that can be handled on workers with stabilised delegated authentication.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Improve documentation around endpoints that can be enabled with MSC3861.