@unwanted/matrix-sdk-mini 34.12.0 → 36.0.0

package/src/client.ts

@@ -20,7 +20,6 @@ limitations under the License.
 
 import { Optional } from "matrix-events-sdk";
 
-import type { IDeviceKeys, IMegolmSessionData, IOneTimeKey } from "./@types/crypto.ts";
 import { ISyncStateData, SetPresence, SyncApi, SyncApiOptions, SyncState } from "./sync.ts";
 import {
     EventStatus,
@@ -33,25 +32,14 @@ import {
     PushDetails,
 } from "./models/event.ts";
 import { StubStore } from "./store/stub.ts";
-import { CallEvent, CallEventHandlerMap, createNewMatrixCall, MatrixCall, supportsMatrixCall } from "./webrtc/call.ts";
 import { Filter, IFilterDefinition, IRoomEventFilter } from "./filter.ts";
-import { CallEventHandler, CallEventHandlerEvent, CallEventHandlerEventHandlerMap } from "./webrtc/callEventHandler.ts";
-import {
-    GroupCallEventHandler,
-    GroupCallEventHandlerEvent,
-    GroupCallEventHandlerEventHandlerMap,
-} from "./webrtc/groupCallEventHandler.ts";
 import * as utils from "./utils.ts";
-import { noUnsafeEventProps, QueryDict, replaceParam, safeSet, sleep } from "./utils.ts";
+import { noUnsafeEventProps, QueryDict, replaceParam, sleep } from "./utils.ts";
 import { Direction, EventTimeline } from "./models/event-timeline.ts";
 import { IActionsObject, PushProcessor } from "./pushprocessor.ts";
 import { AutoDiscovery, AutoDiscoveryAction } from "./autodiscovery.ts";
-import * as olmlib from "./crypto/olmlib.ts";
-import { decodeBase64, encodeBase64, encodeUnpaddedBase64Url } from "./base64.ts";
-import { IExportedDevice as IExportedOlmDevice } from "./crypto/OlmDevice.ts";
-import { IOlmDevice } from "./crypto/algorithms/megolm.ts";
+import { encodeUnpaddedBase64Url } from "./base64.ts";
 import { TypedReEmitter } from "./ReEmitter.ts";
-import { IRoomEncryption } from "./crypto/RoomList.ts";
 import { logger, Logger } from "./logger.ts";
 import { SERVICE_TYPES } from "./service-types.ts";
 import {
@@ -60,7 +48,6 @@ import {
     FileType,
     HttpApiEvent,
     HttpApiEventHandlerMap,
-    HTTPError,
     IdentityPrefix,
     IHttpOpts,
     IRequestOpts,
@@ -74,39 +61,16 @@ import {
     UploadOpts,
     UploadResponse,
 } from "./http-api/index.ts";
-import {
-    Crypto,
-    CryptoEvent as LegacyCryptoEvent,
-    CryptoEventHandlerMap as LegacyCryptoEventHandlerMap,
-    fixBackupKey,
-    ICheckOwnCrossSigningTrustOpts,
-    IRoomKeyRequestBody,
-    isCryptoAvailable,
-} from "./crypto/index.ts";
-import { DeviceInfo } from "./crypto/deviceinfo.ts";
 import { User, UserEvent, UserEventHandlerMap } from "./models/user.ts";
 import { getHttpUriForMxc } from "./content-repo.ts";
 import { SearchResult } from "./models/search-result.ts";
-import { DEHYDRATION_ALGORITHM, IDehydratedDevice, IDehydratedDeviceKeyInfo } from "./crypto/dehydration.ts";
-import {
-    IKeyBackupInfo,
-    IKeyBackupPrepareOpts,
-    IKeyBackupRestoreOpts,
-    IKeyBackupRestoreResult,
-    IKeyBackupRoomSessions,
-    IKeyBackupSession,
-} from "./crypto/keybackup.ts";
 import { IIdentityServerProvider } from "./@types/IIdentityServerProvider.ts";
 import { MatrixScheduler } from "./scheduler.ts";
 import { BeaconEvent, BeaconEventHandlerMap } from "./models/beacon.ts";
 import { AuthDict } from "./interactive-auth.ts";
 import { IMinimalEvent, IRoomEvent, IStateEvent } from "./sync-accumulator.ts";
-import { CrossSigningKey, ICreateSecretStorageOpts, IEncryptedEventInfo, IRecoveryKey } from "./crypto/api.ts";
 import { EventTimelineSet } from "./models/event-timeline-set.ts";
-import { VerificationRequest } from "./crypto/verification/request/VerificationRequest.ts";
-import { VerificationBase as Verification } from "./crypto/verification/Base.ts";
 import * as ContentHelpers from "./content-helpers.ts";
-import { CrossSigningInfo, DeviceTrustLevel, ICacheCallbacks, UserTrustLevel } from "./crypto/CrossSigning.ts";
 import { NotificationCountType, Room, RoomEvent, RoomEventHandlerMap, RoomNameState } from "./models/room.ts";
 import { RoomMemberEvent, RoomMemberEventHandlerMap } from "./models/room-member.ts";
 import { IPowerLevelsContent, RoomStateEvent, RoomStateEventHandlerMap } from "./models/room-state.ts";
@@ -137,6 +101,7 @@ import {
     UpdateDelayedEventAction,
 } from "./@types/requests.ts";
 import {
+    AccountDataEvents,
     EventType,
     LOCAL_NOTIFICATION_SETTINGS_PREFIX,
     MSC3912_RELATION_BASED_REDACTIONS_PROP,
@@ -160,12 +125,10 @@ import {
     Visibility,
 } from "./@types/partials.ts";
 import { EventMapper, eventMapperFor, MapperOpts } from "./event-mapper.ts";
-import { randomString } from "./randomstring.ts";
-import { BackupManager, IKeyBackup, IKeyBackupCheck, IPreparedKeyBackupVersion, TrustInfo } from "./crypto/backup.ts";
+import { secureRandomString } from "./randomstring.ts";
 import { DEFAULT_TREE_POWER_LEVELS_TEMPLATE, MSC3089TreeSpace } from "./models/MSC3089TreeSpace.ts";
 import { ISignatures } from "./@types/signed.ts";
 import { IStore } from "./store/index.ts";
-import { ISecretRequest } from "./crypto/SecretStorage.ts";
 import {
     IEventWithRoomId,
     ISearchRequestBody,
@@ -187,9 +150,6 @@ import {
     RuleId,
 } from "./@types/PushRules.ts";
 import { IThreepid } from "./@types/threepids.ts";
-import { CryptoStore, OutgoingRoomKeyRequest } from "./crypto/store/base.ts";
-import { GroupCall, GroupCallIntent, GroupCallType, IGroupCallDataChannelOptions } from "./webrtc/groupCall.ts";
-import { MediaHandler } from "./webrtc/mediaHandler.ts";
 import {
     ILoginFlowsResponse,
     IRefreshTokenResponse,
@@ -218,42 +178,20 @@ import { IgnoredInvites } from "./models/invites-ignorer.ts";
 import { UIARequest, UIAResponse } from "./@types/uia.ts";
 import { LocalNotificationSettings } from "./@types/local_notifications.ts";
 import { buildFeatureSupportMap, Feature, ServerSupport } from "./feature.ts";
-import { BackupDecryptor, CryptoBackend } from "./common-crypto/CryptoBackend.ts";
-import { RUST_SDK_STORE_PREFIX } from "./rust-crypto/constants.ts";
-import {
-    BootstrapCrossSigningOpts,
-    CrossSigningKeyInfo,
-    CryptoApi,
-    decodeRecoveryKey,
-    ImportRoomKeysOpts,
-    CryptoEvent,
-    CryptoEventHandlerMap,
-    CryptoCallbacks,
-} from "./crypto-api/index.ts";
-import { DeviceInfoMap } from "./crypto/DeviceList.ts";
-import {
-    AddSecretStorageKeyOpts,
-    SecretStorageKeyDescription,
-    ServerSideSecretStorage,
-    ServerSideSecretStorageImpl,
-} from "./secret-storage.ts";
 import { RegisterRequest, RegisterResponse } from "./@types/registration.ts";
-import { MatrixRTCSessionManager } from "./matrixrtc/MatrixRTCSessionManager.ts";
 import { getRelationsThreadFilter } from "./thread-utils.ts";
 import { KnownMembership, Membership } from "./@types/membership.ts";
 import { RoomMessageEventContent, StickerEventContent } from "./@types/events.ts";
 import { ImageInfo } from "./@types/media.ts";
 import { Capabilities, ServerCapabilities } from "./serverCapabilities.ts";
 import { sha256 } from "./digest.ts";
-import { keyFromAuthData } from "./common-crypto/key-passphrase.ts";
+import { discoverAndValidateOIDCIssuerWellKnown, OidcClientConfig, validateAuthMetadataAndKeys } from "./oidc/index.ts";
 
 export type Store = IStore;
 
 export type ResetTimelineCallback = (roomId: string) => boolean;
 
 const SCROLLBACK_DELAY_MS = 3000;
-export const CRYPTO_ENABLED: boolean = isCryptoAvailable();
-const TURN_CHECK_INTERVAL = 10 * 60 * 1000; // poll for turn credentials every 10 minutes
 
 export const UNSTABLE_MSC3852_LAST_SEEN_UA = new UnstableValue(
     "last_seen_user_agent",
@@ -261,18 +199,10 @@ export const UNSTABLE_MSC3852_LAST_SEEN_UA = new UnstableValue(
 );
 
 interface IExportedDevice {
-    olmDevice: IExportedOlmDevice;
     userId: string;
     deviceId: string;
 }
 
-export interface IKeysUploadResponse {
-    one_time_key_counts: {
-        // eslint-disable-line camelcase
-        [algorithm: string]: number;
-    };
-}
-
 export interface ICreateClientOpts {
     baseUrl: string;
 
@@ -285,20 +215,6 @@ export interface ICreateClientOpts {
      */
     store?: Store;
 
-    /**
-     * A store to be used for end-to-end crypto session data.
-     * The `createClient` helper will create a default store if needed. Calls the factory supplied to
-     * {@link setCryptoStoreFactory} if unspecified; or if no factory has been
-     * specified, uses a default implementation (indexeddb in the browser,
-     * in-memory otherwise).
-     *
-     * This is only used for the legacy crypto implementation (as used by {@link MatrixClient#initCrypto}),
-     * but if you use the rust crypto implementation ({@link MatrixClient#initRustCrypto}) and the device
-     * previously used legacy crypto (so must be migrated), then this must still be provided, so that the
-     * data can be migrated from the legacy store.
-     */
-    cryptoStore?: CryptoStore;
-
     /**
      * The scheduler to use. If not
      * specified, this client will not retry requests on failure. This client
@@ -382,18 +298,6 @@ export interface ICreateClientOpts {
      */
     deviceToImport?: IExportedDevice;
 
-    /**
-     * Encryption key used for encrypting sensitive data (such as e2ee keys) in {@link ICreateClientOpts#cryptoStore}.
-     *
-     * This must be set to the same value every time the client is initialised for the same device.
-     *
-     * This is only used for the legacy crypto implementation (as used by {@link MatrixClient#initCrypto}),
-     * but if you use the rust crypto implementation ({@link MatrixClient#initRustCrypto}) and the device
-     * previously used legacy crypto (so must be migrated), then this must still be provided, so that the
-     * data can be migrated from the legacy store.
-     */
-    pickleKey?: string;
-
     /**
      * Verification methods we should offer to the other side when performing an interactive verification.
      * If unset, we will offer all known methods. Currently these are: showing a QR code, scanning a QR code, and SAS
@@ -403,11 +307,6 @@ export interface ICreateClientOpts {
      */
     verificationMethods?: Array<string>;
 
-    /**
-     * Whether relaying calls through a TURN server should be forced. Default false.
-     */
-    forceTURN?: boolean;
-
     /**
      * Up to this many ICE candidates will be gathered when an incoming call arrives.
      * Gathering does not send data to the caller, but will communicate with the configured TURN
@@ -415,30 +314,14 @@ export interface ICreateClientOpts {
      */
     iceCandidatePoolSize?: number;
 
-    /**
-     * True to advertise support for call transfers to other parties on Matrix calls. Default false.
-     */
-    supportsCallTransfer?: boolean;
-
     /**
      * Whether to allow a fallback ICE server should be used for negotiating a
      * WebRTC connection if the homeserver doesn't provide any servers. Defaults to false.
      */
     fallbackICEServerAllowed?: boolean;
 
-    /**
-     * If true, to-device signalling for group calls will be encrypted
-     * with Olm. Default: true.
-     */
-    useE2eForGroupCall?: boolean;
-
     livekitServiceURL?: string;
 
-    /**
-     * Crypto callbacks provided by the application
-     */
-    cryptoCallbacks?: CryptoCallbacks;
-
     /**
      * Method to generate room names for empty rooms and rooms names based on membership.
      * Defaults to a built-in English handler with basic pluralisation.
@@ -542,7 +425,7 @@ export interface IStartClientOpts {
     slidingSync?: SlidingSync;
 }
 
-export interface IStoredClientOpts extends IStartClientOpts {}
+export interface IStoredClientOpts extends IStartClientOpts { }
 
 export const GET_LOGIN_TOKEN_CAPABILITY = new NamespacedValue(
     "m.get_login_token",
@@ -557,25 +440,8 @@ export const UNSTABLE_MSC4140_DELAYED_EVENTS = "org.matrix.msc4140";
 
 export const UNSTABLE_MSC4133_EXTENDED_PROFILES = "uk.tcpip.msc4133";
 
-enum CrossSigningKeyType {
-    MasterKey = "master_key",
-    SelfSigningKey = "self_signing_key",
-    UserSigningKey = "user_signing_key",
-}
-
-export type CrossSigningKeys = Record<CrossSigningKeyType, CrossSigningKeyInfo>;
-
 export type SendToDeviceContentMap = Map<string, Map<string, Record<string, any>>>;
 
-export interface ISignedKey {
-    keys: Record<string, string>;
-    signatures: ISignatures;
-    user_id: string;
-    algorithms: string[];
-    device_id: string;
-}
-
-export type KeySignatures = Record<string, Record<string, CrossSigningKeyInfo | ISignedKey>>;
 export interface IUploadKeySignaturesResponse {
     failures: Record<
         string,
@@ -637,13 +503,6 @@ export interface IWellKnownConfig<T = IClientWellKnown> {
     server_name?: string;
 }
 
-interface IKeyBackupPath {
-    path: string;
-    queryData?: {
-        version: string;
-    };
-}
-
 interface IMediaConfig {
     [key: string]: any; // extensible
     "m.upload.size"?: number;
@@ -690,12 +549,6 @@ export interface IRequestMsisdnTokenResponse extends IRequestTokenResponse {
     intl_fmt: string;
 }
 
-export interface IUploadKeysRequest {
-    "device_keys"?: Required<IDeviceKeys>;
-    "one_time_keys"?: Record<string, IOneTimeKey>;
-    "org.matrix.msc2732.fallback_keys"?: Record<string, IOneTimeKey>;
-}
-
 export interface IQueryKeysRequest {
     device_keys: { [userId: string]: string[] };
     timeout?: number;
@@ -790,27 +643,6 @@ export interface Keys {
     user_id: string;
 }
 
-export interface SigningKeys extends Keys {
-    signatures: ISignatures;
-}
-
-export interface DeviceKeys {
-    [deviceId: string]: IDeviceKeys & {
-        unsigned?: {
-            device_display_name: string;
-        };
-    };
-}
-
-export interface IDownloadKeyResult {
-    failures: { [serverName: string]: object };
-    device_keys: { [userId: string]: DeviceKeys };
-    // the following three fields were added in 1.1
-    master_keys?: { [userId: string]: Keys };
-    self_signing_keys?: { [userId: string]: SigningKeys };
-    user_signing_keys?: { [userId: string]: SigningKeys };
-}
-
 export interface IClaimOTKsResult {
     failures: { [serverName: string]: object };
     one_time_keys: {
@@ -879,14 +711,6 @@ export interface RoomSummary extends Omit<IPublicRoomsChunkRoom, "canonical_alia
     "im.nheko.summary.encryption"?: string;
 }
 
-interface IRoomKeysResponse {
-    sessions: IKeyBackupRoomSessions;
-}
-
-interface IRoomsKeysResponse {
-    rooms: Record<string, IRoomKeysResponse>;
-}
-
 interface IRoomHierarchy {
     rooms: IHierarchyRoom[];
     next_batch?: string;
@@ -945,26 +769,6 @@ type RoomStateEvents =
     | RoomStateEvent.Update
     | RoomStateEvent.Marker;
 
-type LegacyCryptoEvents =
-    | LegacyCryptoEvent.KeySignatureUploadFailure
-    | LegacyCryptoEvent.KeyBackupStatus
-    | LegacyCryptoEvent.KeyBackupFailed
-    | LegacyCryptoEvent.KeyBackupSessionsRemaining
-    | LegacyCryptoEvent.KeyBackupDecryptionKeyCached
-    | LegacyCryptoEvent.RoomKeyRequest
-    | LegacyCryptoEvent.RoomKeyRequestCancellation
-    | LegacyCryptoEvent.VerificationRequest
-    | LegacyCryptoEvent.VerificationRequestReceived
-    | LegacyCryptoEvent.DeviceVerificationChanged
-    | LegacyCryptoEvent.UserTrustStatusChanged
-    | LegacyCryptoEvent.KeysChanged
-    | LegacyCryptoEvent.Warning
-    | LegacyCryptoEvent.DevicesUpdated
-    | LegacyCryptoEvent.WillUpdateDevices
-    | LegacyCryptoEvent.LegacyCryptoStoreMigrationProgress;
-
-type CryptoEvents = (typeof CryptoEvent)[keyof typeof CryptoEvent];
-
 type MatrixEventEvents = MatrixEventEvent.Decrypted | MatrixEventEvent.Replaced | MatrixEventEvent.VisibilityChange;
 
 type RoomMemberEvents =
@@ -984,17 +788,9 @@ export type EmittedEvents =
     | ClientEvent
     | RoomEvents
     | RoomStateEvents
-    | LegacyCryptoEvents
-    | CryptoEvents
     | MatrixEventEvents
     | RoomMemberEvents
     | UserEvents
-    | CallEvent // re-emitted by call.ts using Object.values
-    | CallEventHandlerEvent.Incoming
-    | GroupCallEventHandlerEvent.Incoming
-    | GroupCallEventHandlerEvent.Outgoing
-    | GroupCallEventHandlerEvent.Ended
-    | GroupCallEventHandlerEvent.Participants
     | HttpApiEvent.SessionLoggedOut
     | HttpApiEvent.NoConsent
     | BeaconEvent;
@@ -1196,14 +992,9 @@ export type ClientEventHandlerMap = {
     [ClientEvent.TurnServersError]: (error: Error, fatal: boolean) => void;
 } & RoomEventHandlerMap &
     RoomStateEventHandlerMap &
-    LegacyCryptoEventHandlerMap &
-    CryptoEventHandlerMap &
     MatrixEventHandlerMap &
     RoomMemberEventHandlerMap &
     UserEventHandlerMap &
-    CallEventHandlerEventHandlerMap &
-    GroupCallEventHandlerEventHandlerMap &
-    CallEventHandlerMap &
     HttpApiEventHandlerMap &
     BeaconEventHandlerMap;
 
@@ -1226,17 +1017,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     public deviceId: string | null;
     public credentials: { userId: string | null };
 
-    /**
-     * Encryption key used for encrypting sensitive data (such as e2ee keys) in storage.
-     *
-     * As supplied in the constructor via {@link IMatrixClientCreateOpts#pickleKey}.
-     *
-     * If unset, either a hardcoded key or no encryption at all is used, depending on the Crypto implementation.
-     *
-     * @deprecated this should be a private property.
-     */
-    public pickleKey?: string;
-
     public scheduler?: MatrixScheduler;
     public clientRunning = false;
     public timelineSupport = false;
@@ -1244,20 +1024,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     public identityServer?: IIdentityServerProvider;
     public http: MatrixHttpApi<IHttpOpts & { onlyData: true }>; // XXX: Intended private, used in code.
 
-    /**
-     * The libolm crypto implementation, if it is in use.
-     *
-     * @deprecated This should not be used. Instead, use the methods exposed directly on this class or
-     * (where they are available) via {@link getCrypto}.
-     */
-    public crypto?: Crypto; // XXX: Intended private, used in code. Being replaced by cryptoBackend
-
-    private cryptoBackend?: CryptoBackend; // one of crypto or rustCrypto
-    public cryptoCallbacks: CryptoCallbacks; // XXX: Intended private, used in code.
-    public callEventHandler?: CallEventHandler; // XXX: Intended private, used in code.
-    public groupCallEventHandler?: GroupCallEventHandler;
-    public supportsCallTransfer = false; // XXX: Intended private, used in code.
-    public forceTURN = false; // XXX: Intended private, used in code.
     public iceCandidatePoolSize = 0; // XXX: Intended private, used in code.
     public idBaseUrl?: string;
     public baseUrl: string;
@@ -1268,13 +1034,11 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     // Note: these are all `protected` to let downstream consumers make mistakes if they want to.
     // We don't technically support this usage, but have reasons to do this.
 
-    protected canSupportVoip = false;
     protected peekSync: SyncApi | null = null;
     protected isGuestAccount = false;
     protected ongoingScrollbacks: { [roomId: string]: { promise?: Promise<Room>; errorTs?: number } } = {};
     protected notifTimelineSet: EventTimelineSet | null = null;
     /* @deprecated  */
-    protected cryptoStore?: CryptoStore;
     protected verificationMethods?: string[];
     protected fallbackICEServerAllowed = false;
     protected syncApi?: SlidingSyncSdk | SyncApi;
@@ -1297,12 +1061,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
     protected clientWellKnown?: IClientWellKnown;
     protected clientWellKnownPromise?: Promise<IClientWellKnown>;
-    protected turnServers: ITurnServer[] = [];
-    protected turnServersExpiry = 0;
-    protected checkTurnServersIntervalID?: ReturnType<typeof setInterval>;
-    protected exportedOlmDeviceToImport?: IExportedOlmDevice;
     protected txnCtr = 0;
-    protected mediaHandler = new MediaHandler(this);
     protected sessionId: string;
 
     /** IDs of events which are currently being encrypted.
@@ -1312,17 +1071,12 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      */
     private eventsBeingEncrypted = new Set<string>();
 
-    private useE2eForGroupCall = true;
     private toDeviceMessageQueue: ToDeviceMessageQueue;
     public livekitServiceURL?: string;
 
-    private _secretStorage: ServerSideSecretStorageImpl;
-
     // A manager for determining which invites should be ignored.
     public readonly ignoredInvites: IgnoredInvites;
 
-    public readonly matrixRTC: MatrixRTCSessionManager;
-
     private serverCapabilitiesService: ServerCapabilities;
 
     public constructor(opts: IMatrixClientCreateOpts) {
@@ -1342,7 +1096,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         this.usingExternalCrypto = opts.usingExternalCrypto ?? false;
         this.store = opts.store || new StubStore();
         this.deviceId = opts.deviceId || null;
-        this.sessionId = randomString(10);
+        this.sessionId = secureRandomString(10);
 
         const userId = opts.userId || null;
         this.credentials = { userId };
@@ -1366,23 +1120,19 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             if (this.deviceId) {
                 this.logger.warn(
                     "not importing device because device ID is provided to " +
-                        "constructor independently of exported data",
+                    "constructor independently of exported data",
                 );
             } else if (this.credentials.userId) {
                 this.logger.warn(
                     "not importing device because user ID is provided to " +
-                        "constructor independently of exported data",
+                    "constructor independently of exported data",
                 );
             } else if (!opts.deviceToImport.deviceId) {
                 this.logger.warn("not importing device because no device ID in exported data");
             } else {
                 this.deviceId = opts.deviceToImport.deviceId;
                 this.credentials.userId = opts.deviceToImport.userId;
-                // will be used during async initialization of the crypto
-                this.exportedOlmDeviceToImport = opts.deviceToImport.olmDevice;
             }
-        } else if (opts.pickleKey) {
-            this.pickleKey = opts.pickleKey;
         }
 
         this.useLivekitForGroupCalls = Boolean(opts.useLivekitForGroupCalls);
@@ -1404,54 +1154,25 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             });
         }
 
-        if (supportsMatrixCall()) {
-            this.callEventHandler = new CallEventHandler(this);
-            this.groupCallEventHandler = new GroupCallEventHandler(this);
-            this.canSupportVoip = true;
-            // Start listening for calls after the initial sync is done
-            // We do not need to backfill the call event buffer
-            // with encrypted events that might never get decrypted
-            this.on(ClientEvent.Sync, this.startCallEventHandler);
-        }
-
-        // NB. We initialise MatrixRTC whether we have call support or not: this is just
-        // the underlying session management and doesn't use any actual media capabilities
-        this.matrixRTC = new MatrixRTCSessionManager(this);
-
         this.serverCapabilitiesService = new ServerCapabilities(this.http);
 
         this.on(ClientEvent.Sync, this.fixupRoomNotifications);
 
         this.timelineSupport = Boolean(opts.timelineSupport);
 
-        this.cryptoStore = opts.cryptoStore;
         this.verificationMethods = opts.verificationMethods;
-        this.cryptoCallbacks = opts.cryptoCallbacks || {};
 
-        this.forceTURN = opts.forceTURN || false;
         this.iceCandidatePoolSize = opts.iceCandidatePoolSize === undefined ? 0 : opts.iceCandidatePoolSize;
-        this.supportsCallTransfer = opts.supportsCallTransfer || false;
         this.fallbackICEServerAllowed = opts.fallbackICEServerAllowed || false;
         this.isVoipWithNoMediaAllowed = opts.isVoipWithNoMediaAllowed || false;
 
-        if (opts.useE2eForGroupCall !== undefined) this.useE2eForGroupCall = opts.useE2eForGroupCall;
-
         this.livekitServiceURL = opts.livekitServiceURL;
 
         this.roomNameGenerator = opts.roomNameGenerator;
 
         this.toDeviceMessageQueue = new ToDeviceMessageQueue(this);
 
-        // The SDK doesn't really provide a clean way for events to recalculate the push
-        // actions for themselves, so we have to kinda help them out when they are encrypted.
-        // We do this so that push rules are correctly executed on events in their decrypted
-        // state, such as highlights when the user's name is mentioned.
-        this.on(MatrixEventEvent.Decrypted, (event) => {
-            fixNotificationCountOnDecryption(this, event);
-        });
-
         this.ignoredInvites = new IgnoredInvites(this);
-        this._secretStorage = new ServerSideSecretStorageImpl(this, opts.cryptoCallbacks ?? {});
 
         // having lots of event listeners is not unusual. 0 means "unlimited".
         this.setMaxListeners(0);
@@ -1480,8 +1201,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
         this.clientRunning = true;
 
-        this.on(ClientEvent.Sync, this.startMatrixRTC);
-
         // Create our own user object artificially (instead of waiting for sync)
         // so it's always available, even if the user is not in any rooms etc.
         const userId = this.getUserId();
@@ -1489,15 +1208,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             this.store.storeUser(new User(userId));
         }
 
-        // periodically poll for turn servers if we support voip
-        if (this.canSupportVoip) {
-            this.checkTurnServersIntervalID = setInterval(() => {
-                this.checkTurnServers();
-            }, TURN_CHECK_INTERVAL);
-            // noinspection ES6MissingAwait
-            this.checkTurnServers();
-        }
-
         if (this.syncApi) {
             // This shouldn't happen since we thought the client was not running
             this.logger.error("Still have sync object whilst not running: stopping old one");
@@ -1526,7 +1236,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                 this.clientOpts.slidingSync,
                 this,
                 this.clientOpts,
-                this.buildSyncApiOptions(),
             );
         } else {
             this.syncApi = new SyncApi(this, this.clientOpts, this.buildSyncApiOptions());
@@ -1550,8 +1259,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      */
     protected buildSyncApiOptions(): SyncApiOptions {
         return {
-            crypto: this.crypto,
-            cryptoCallbacks: this.cryptoBackend,
             canResetEntireTimeline: (roomId: string): boolean => {
                 if (!this.canResetTimelineCallback) {
                     return false;
@@ -1566,10 +1273,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * clean shutdown.
      */
     public stopClient(): void {
-        this.cryptoBackend?.stop(); // crypto might have been initialised even if the client wasn't fully started
-
-        this.off(ClientEvent.Sync, this.startMatrixRTC);
-
         if (!this.clientRunning) return; // already stopped
 
         this.logger.debug("stopping MatrixClient");
@@ -1581,190 +1284,15 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
         this.peekSync?.stopPeeking();
 
-        this.callEventHandler?.stop();
-        this.groupCallEventHandler?.stop();
-        this.callEventHandler = undefined;
-        this.groupCallEventHandler = undefined;
-
-        globalThis.clearInterval(this.checkTurnServersIntervalID);
-        this.checkTurnServersIntervalID = undefined;
-
         if (this.clientWellKnownIntervalID !== undefined) {
             globalThis.clearInterval(this.clientWellKnownIntervalID);
         }
 
         this.toDeviceMessageQueue.stop();
 
-        this.matrixRTC.stop();
-
         this.serverCapabilitiesService.stop();
     }
 
-    /**
-     * Try to rehydrate a device if available.  The client must have been
-     * initialized with a `cryptoCallback.getDehydrationKey` option, and this
-     * function must be called before initCrypto and startClient are called.
-     *
-     * @returns Promise which resolves to undefined if a device could not be dehydrated, or
-     *     to the new device ID if the dehydration was successful.
-     * @returns Rejects: with an error response.
-     *
-     * @deprecated MSC2697 device dehydration is not supported for rust cryptography.
-     */
-    public async rehydrateDevice(): Promise<string | undefined> {
-        if (this.crypto) {
-            throw new Error("Cannot rehydrate device after crypto is initialized");
-        }
-
-        if (!this.cryptoCallbacks.getDehydrationKey) {
-            return;
-        }
-
-        const getDeviceResult = await this.getDehydratedDevice();
-        if (!getDeviceResult) {
-            return;
-        }
-
-        if (!getDeviceResult.device_data || !getDeviceResult.device_id) {
-            this.logger.info("no dehydrated device found");
-            return;
-        }
-
-        const account = new globalThis.Olm.Account();
-        try {
-            const deviceData = getDeviceResult.device_data;
-            if (deviceData.algorithm !== DEHYDRATION_ALGORITHM) {
-                this.logger.warn("Wrong algorithm for dehydrated device");
-                return;
-            }
-            this.logger.debug("unpickling dehydrated device");
-            const key = await this.cryptoCallbacks.getDehydrationKey(deviceData, (k) => {
-                // copy the key so that it doesn't get clobbered
-                account.unpickle(new Uint8Array(k), deviceData.account);
-            });
-            account.unpickle(key, deviceData.account);
-            this.logger.debug("unpickled device");
-
-            const rehydrateResult = await this.http.authedRequest<{ success: boolean }>(
-                Method.Post,
-                "/dehydrated_device/claim",
-                undefined,
-                {
-                    device_id: getDeviceResult.device_id,
-                },
-                {
-                    prefix: "/_matrix/client/unstable/org.matrix.msc2697.v2",
-                },
-            );
-
-            if (rehydrateResult.success) {
-                this.deviceId = getDeviceResult.device_id;
-                this.logger.info("using dehydrated device");
-                const pickleKey = this.pickleKey || "DEFAULT_KEY";
-                this.exportedOlmDeviceToImport = {
-                    pickledAccount: account.pickle(pickleKey),
-                    sessions: [],
-                    pickleKey: pickleKey,
-                };
-                account.free();
-                return this.deviceId;
-            } else {
-                account.free();
-                this.logger.info("not using dehydrated device");
-                return;
-            }
-        } catch (e) {
-            account.free();
-            this.logger.warn("could not unpickle", e);
-        }
-    }
-
-    /**
-     * Get the current dehydrated device, if any
-     * @returns A promise of an object containing the dehydrated device
-     *
-     * @deprecated MSC2697 device dehydration is not supported for rust cryptography.
-     */
-    public async getDehydratedDevice(): Promise<IDehydratedDevice | undefined> {
-        try {
-            return await this.http.authedRequest<IDehydratedDevice>(
-                Method.Get,
-                "/dehydrated_device",
-                undefined,
-                undefined,
-                {
-                    prefix: "/_matrix/client/unstable/org.matrix.msc2697.v2",
-                },
-            );
-        } catch (e) {
-            this.logger.info("could not get dehydrated device", e);
-            return;
-        }
-    }
-
-    /**
-     * Set the dehydration key.  This will also periodically dehydrate devices to
-     * the server.
-     *
-     * @param key - the dehydration key
-     * @param keyInfo - Information about the key.  Primarily for
-     *     information about how to generate the key from a passphrase.
-     * @param deviceDisplayName - The device display name for the
-     *     dehydrated device.
-     * @returns A promise that resolves when the dehydrated device is stored.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async setDehydrationKey(
-        key: Uint8Array,
-        keyInfo: IDehydratedDeviceKeyInfo,
-        deviceDisplayName?: string,
-    ): Promise<void> {
-        if (!this.crypto) {
-            this.logger.warn("not dehydrating device if crypto is not enabled");
-            return;
-        }
-        return this.crypto.dehydrationManager.setKeyAndQueueDehydration(key, keyInfo, deviceDisplayName);
-    }
-
-    /**
-     * Creates a new MSC2967 dehydrated device (without queuing periodic dehydration)
-     * @param key - the dehydration key
-     * @param keyInfo - Information about the key.  Primarily for
-     *     information about how to generate the key from a passphrase.
-     * @param deviceDisplayName - The device display name for the
-     *     dehydrated device.
-     * @returns the device id of the newly created dehydrated device
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.startDehydration}.
-     */
-    public async createDehydratedDevice(
-        key: Uint8Array,
-        keyInfo: IDehydratedDeviceKeyInfo,
-        deviceDisplayName?: string,
-    ): Promise<string | undefined> {
-        if (!this.crypto) {
-            this.logger.warn("not dehydrating device if crypto is not enabled");
-            return;
-        }
-        await this.crypto.dehydrationManager.setKey(key, keyInfo, deviceDisplayName);
-        return this.crypto.dehydrationManager.dehydrateDevice();
-    }
-
-    /** @deprecated Not supported for Rust Cryptography. */
-    public async exportDevice(): Promise<IExportedDevice | undefined> {
-        if (!this.crypto) {
-            this.logger.warn("not exporting device if crypto is not enabled");
-            return;
-        }
-        return {
-            userId: this.credentials.userId!,
-            deviceId: this.deviceId!,
-            // XXX: Private member access.
-            olmDevice: await this.crypto.olmDevice.export(),
-        };
-    }
-
     /**
      * Clear any data out of the persistent stores used by the client.
      *
@@ -1778,48 +1306,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         const promises: Promise<void>[] = [];
 
         promises.push(this.store.deleteAllData());
-        if (this.cryptoStore) {
-            promises.push(this.cryptoStore.deleteAllData());
-        }
-
-        // delete the stores used by the rust matrix-sdk-crypto, in case they were used
-        const deleteRustSdkStore = async (): Promise<void> => {
-            let indexedDB: IDBFactory;
-            try {
-                indexedDB = globalThis.indexedDB;
-                if (!indexedDB) return; // No indexedDB support
-            } catch {
-                // No indexedDB support
-                return;
-            }
-            for (const dbname of [
-                `${RUST_SDK_STORE_PREFIX}::matrix-sdk-crypto`,
-                `${RUST_SDK_STORE_PREFIX}::matrix-sdk-crypto-meta`,
-            ]) {
-                const prom = new Promise((resolve, reject) => {
-                    this.logger.info(`Removing IndexedDB instance ${dbname}`);
-                    const req = indexedDB.deleteDatabase(dbname);
-                    req.onsuccess = (_): void => {
-                        this.logger.info(`Removed IndexedDB instance ${dbname}`);
-                        resolve(0);
-                    };
-                    req.onerror = (e): void => {
-                        // In private browsing, Firefox has a globalThis.indexedDB, but attempts to delete an indexeddb
-                        // (even a non-existent one) fail with "DOMException: A mutation operation was attempted on a
-                        // database that did not allow mutations."
-                        //
-                        // it seems like the only thing we can really do is ignore the error.
-                        this.logger.warn(`Failed to remove IndexedDB instance ${dbname}:`, e);
-                        resolve(0);
-                    };
-                    req.onblocked = (e): void => {
-                        this.logger.info(`cannot yet remove IndexedDB instance ${dbname}`);
-                    };
-                });
-                await prom;
-            }
-        };
-        promises.push(deleteRustSdkStore());
 
         return Promise.all(promises).then(); // .then to fix types
     }
@@ -1830,10 +1316,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns MXID for the logged-in user, or null if not logged in
      */
     public getUserId(): string | null {
-        if (this.credentials && this.credentials.userId) {
-            return this.credentials.userId;
-        }
-        return null;
+        return this.credentials?.userId ?? null;
     }
 
     /**
@@ -1855,7 +1338,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Domain of this MXID
      */
     public getDomain(): string | null {
-        if (this.credentials && this.credentials.userId) {
+        if (this.credentials?.userId) {
             return this.credentials.userId.replace(/^.*?:/, "");
         }
         return null;
@@ -1866,10 +1349,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns The user ID localpart or null.
      */
     public getUserIdLocalpart(): string | null {
-        if (this.credentials && this.credentials.userId) {
-            return this.credentials.userId.split(":")[0].substring(1);
-        }
-        return null;
+        return this.credentials?.userId?.split(":")[0].substring(1) ?? null;
     }
 
     /**
@@ -1888,100 +1368,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.sessionId;
     }
 
-    /**
-     * Check if the runtime environment supports VoIP calling.
-     * @returns True if VoIP is supported.
-     */
-    public supportsVoip(): boolean {
-        return this.canSupportVoip;
-    }
-
-    /**
-     * @returns
-     */
-    public getMediaHandler(): MediaHandler {
-        return this.mediaHandler;
-    }
-
-    /**
-     * Set whether VoIP calls are forced to use only TURN
-     * candidates. This is the same as the forceTURN option
-     * when creating the client.
-     * @param force - True to force use of TURN servers
-     */
-    public setForceTURN(force: boolean): void {
-        this.forceTURN = force;
-    }
-
-    /**
-     * Set whether to advertise transfer support to other parties on Matrix calls.
-     * @param support - True to advertise the 'm.call.transferee' capability
-     */
-    public setSupportsCallTransfer(support: boolean): void {
-        this.supportsCallTransfer = support;
-    }
-
-    /**
-     * Returns true if to-device signalling for group calls will be encrypted with Olm.
-     * If false, it will be sent unencrypted.
-     * @returns boolean Whether group call signalling will be encrypted
-     */
-    public getUseE2eForGroupCall(): boolean {
-        return this.useE2eForGroupCall;
-    }
-
-    /**
-     * Creates a new call.
-     * The place*Call methods on the returned call can be used to actually place a call
-     *
-     * @param roomId - The room the call is to be placed in.
-     * @returns the call or null if the browser doesn't support calling.
-     */
-    public createCall(roomId: string): MatrixCall | null {
-        return createNewMatrixCall(this, roomId);
-    }
-
-    /**
-     * Creates a new group call and sends the associated state event
-     * to alert other members that the room now has a group call.
-     *
-     * @param roomId - The room the call is to be placed in.
-     */
-    public async createGroupCall(
-        roomId: string,
-        type: GroupCallType,
-        isPtt: boolean,
-        intent: GroupCallIntent,
-        dataChannelsEnabled?: boolean,
-        dataChannelOptions?: IGroupCallDataChannelOptions,
-    ): Promise<GroupCall> {
-        if (this.getGroupCallForRoom(roomId)) {
-            throw new Error(`${roomId} already has an existing group call`);
-        }
-
-        const room = this.getRoom(roomId);
-
-        if (!room) {
-            throw new Error(`Cannot find room ${roomId}`);
-        }
-
-        // Because without Media section a WebRTC connection is not possible, so need a RTCDataChannel to set up a
-        // no media WebRTC connection anyway.
-        return new GroupCall(
-            this,
-            room,
-            type,
-            isPtt,
-            intent,
-            undefined,
-            dataChannelsEnabled || this.isVoipWithNoMediaAllowed,
-            dataChannelOptions,
-            this.isVoipWithNoMediaAllowed,
-            this.useLivekitForGroupCalls,
-            this.livekitServiceURL,
-        ).create();
-    }
-
     public getLivekitServiceURL(): string | undefined {
         return this.livekitServiceURL;
     }
@@ -1992,29 +1378,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         this.livekitServiceURL = newURL;
     }
 
-    /**
-     * Wait until an initial state for the given room has been processed by the
-     * client and the client is aware of any ongoing group calls. Awaiting on
-     * the promise returned by this method before calling getGroupCallForRoom()
-     * avoids races where getGroupCallForRoom is called before the state for that
-     * room has been processed. It does not, however, fix other races, eg. two
-     * clients both creating a group call at the same time.
-     * @param roomId - The room ID to wait for
-     * @returns A promise that resolves once existing group calls in the room
-     *          have been processed.
-     */
-    public waitUntilRoomReadyForGroupCalls(roomId: string): Promise<void> {
-        return this.groupCallEventHandler!.waitUntilRoomReadyForGroupCalls(roomId);
-    }
-
-    /**
-     * Get an existing group call for the provided room.
-     * @returns The group call or null if it doesn't already exist.
-     */
-    public getGroupCallForRoom(roomId: string): GroupCall | null {
-        return this.groupCallEventHandler!.groupCalls.get(roomId) || null;
-    }
-
     /**
      * Get the current sync state.
      * @returns the sync state, which may be null.
@@ -2066,2082 +1429,85 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * access token, which means that the SDK can determine this entirely without
      * the dev manually flipping this flag.
      */
-    public setGuest(guest: boolean): void {
-        this.isGuestAccount = guest;
-    }
-
-    /**
-     * Return the provided scheduler, if any.
-     * @returns The scheduler or undefined
-     */
-    public getScheduler(): MatrixScheduler | undefined {
-        return this.scheduler;
-    }
-
-    /**
-     * Retry a backed off syncing request immediately. This should only be used when
-     * the user <b>explicitly</b> attempts to retry their lost connection.
-     * Will also retry any outbound to-device messages currently in the queue to be sent
-     * (retries of regular outgoing events are handled separately, per-event).
-     * @returns True if this resulted in a request being retried.
-     */
-    public retryImmediately(): boolean {
-        // don't await for this promise: we just want to kick it off
-        this.toDeviceMessageQueue.sendQueue();
-        return this.syncApi?.retryImmediately() ?? false;
-    }
-
-    /**
-     * Return the global notification EventTimelineSet, if any
-     *
-     * @returns the globl notification EventTimelineSet
-     */
-    public getNotifTimelineSet(): EventTimelineSet | null {
-        return this.notifTimelineSet;
-    }
-
-    /**
-     * Set the global notification EventTimelineSet
-     *
-     */
-    public setNotifTimelineSet(set: EventTimelineSet): void {
-        this.notifTimelineSet = set;
-    }
-
-    /**
-     * Gets the cached capabilities of the homeserver, returning cached ones if available.
-     * If there are no cached capabilities and none can be fetched, throw an exception.
-     *
-     * @returns Promise resolving with The capabilities of the homeserver
-     */
-    public async getCapabilities(): Promise<Capabilities> {
-        const caps = this.serverCapabilitiesService.getCachedCapabilities();
-        if (caps) return caps;
-        return this.serverCapabilitiesService.fetchCapabilities();
-    }
-
-    /**
-     * Gets the cached capabilities of the homeserver. If none have been fetched yet,
-     * return undefined.
-     *
-     * @returns The capabilities of the homeserver
-     */
-    public getCachedCapabilities(): Capabilities | undefined {
-        return this.serverCapabilitiesService.getCachedCapabilities();
-    }
-
-    /**
-     * Fetches the latest capabilities from the homeserver, ignoring any cached
-     * versions. The newly returned version is cached.
-     *
-     * @returns A promise which resolves to the capabilities of the homeserver
-     */
-    public fetchCapabilities(): Promise<Capabilities> {
-        return this.serverCapabilitiesService.fetchCapabilities();
-    }
-
-    /**
-     * Initialise support for end-to-end encryption in this client, using libolm.
-     *
-     * You should call this method after creating the matrixclient, but *before*
-     * calling `startClient`, if you want to support end-to-end encryption.
-     *
-     * It will return a Promise which will resolve when the crypto layer has been
-     * successfully initialised.
-     *
-     * @deprecated libolm is deprecated. Prefer {@link initRustCrypto}.
-     */
-    public async initCrypto(): Promise<void> {
-        if (!isCryptoAvailable()) {
-            throw new Error(
-                `End-to-end encryption not supported in this js-sdk build: did ` +
-                    `you remember to load the olm library?`,
-            );
-        }
-
-        if (this.cryptoBackend) {
-            this.logger.warn("Attempt to re-initialise e2e encryption on MatrixClient");
-            return;
-        }
-
-        if (!this.cryptoStore) {
-            // the cryptostore is provided by sdk.createClient, so this shouldn't happen
-            throw new Error(`Cannot enable encryption: no cryptoStore provided`);
-        }
-
-        this.logger.debug("Crypto: Starting up crypto store...");
-        await this.cryptoStore.startup();
-
-        const userId = this.getUserId();
-        if (userId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown userId: ` +
-                    `ensure userId is passed in createClient().`,
-            );
-        }
-        if (this.deviceId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown deviceId: ` +
-                    `ensure deviceId is passed in createClient().`,
-            );
-        }
-
-        const crypto = new Crypto(this, userId, this.deviceId, this.store, this.cryptoStore, this.verificationMethods!);
-
-        this.reEmitter.reEmit(crypto, [
-            LegacyCryptoEvent.KeyBackupFailed,
-            LegacyCryptoEvent.KeyBackupSessionsRemaining,
-            LegacyCryptoEvent.RoomKeyRequest,
-            LegacyCryptoEvent.RoomKeyRequestCancellation,
-            LegacyCryptoEvent.Warning,
-            LegacyCryptoEvent.DevicesUpdated,
-            LegacyCryptoEvent.WillUpdateDevices,
-            LegacyCryptoEvent.DeviceVerificationChanged,
-            LegacyCryptoEvent.UserTrustStatusChanged,
-            LegacyCryptoEvent.KeysChanged,
-        ]);
-
-        this.logger.debug("Crypto: initialising crypto object...");
-        await crypto.init({
-            exportedOlmDevice: this.exportedOlmDeviceToImport,
-            pickleKey: this.pickleKey,
-        });
-        delete this.exportedOlmDeviceToImport;
-
-        this.olmVersion = Crypto.getOlmVersion();
-
-        // if crypto initialisation was successful, tell it to attach its event handlers.
-        crypto.registerEventHandlers(this as Parameters<Crypto["registerEventHandlers"]>[0]);
-        this.cryptoBackend = this.crypto = crypto;
-
-        // upload our keys in the background
-        this.crypto.uploadDeviceKeys().catch((e) => {
-            // TODO: throwing away this error is a really bad idea.
-            this.logger.error("Error uploading device keys", e);
-        });
-    }
-
-    /**
-     * Initialise support for end-to-end encryption in this client, using the rust matrix-sdk-crypto.
-     *
-     * An alternative to {@link initCrypto}.
-     *
-     * @param args.useIndexedDB - True to use an indexeddb store, false to use an in-memory store. Defaults to 'true'.
-     * @param args.storageKey - A key with which to encrypt the indexeddb store. If provided, it must be exactly
-     *    32 bytes of data, and must be the same each time the client is initialised for a given device.
-     *    If both this and `storagePassword` are unspecified, the store will be unencrypted.
-     * @param args.storagePassword - An alternative to `storageKey`. A password which will be used to derive a key to
-     *    encrypt the store with. Deriving a key from a password is (deliberately) a slow operation, so prefer
-     *    to pass a `storageKey` directly where possible.
-     *
-     * @returns a Promise which will resolve when the crypto layer has been
-     *    successfully initialised.
-     */
-    public async initRustCrypto(
-        args: {
-            useIndexedDB?: boolean;
-            storageKey?: Uint8Array;
-            storagePassword?: string;
-        } = {},
-    ): Promise<void> {
-        if (this.cryptoBackend) {
-            this.logger.warn("Attempt to re-initialise e2e encryption on MatrixClient");
-            return;
-        }
-
-        const userId = this.getUserId();
-        if (userId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown userId: ` +
-                    `ensure userId is passed in createClient().`,
-            );
-        }
-        const deviceId = this.getDeviceId();
-        if (deviceId === null) {
-            throw new Error(
-                `Cannot enable encryption on MatrixClient with unknown deviceId: ` +
-                    `ensure deviceId is passed in createClient().`,
-            );
-        }
-
-        // importing rust-crypto will download the webassembly, so we delay it until we know it will be
-        // needed.
-        this.logger.debug("Downloading Rust crypto library");
-        const RustCrypto = await import("./rust-crypto/index.ts");
-
-        const rustCrypto = await RustCrypto.initRustCrypto({
-            logger: this.logger,
-            http: this.http,
-            userId: userId,
-            deviceId: deviceId,
-            secretStorage: this.secretStorage,
-            cryptoCallbacks: this.cryptoCallbacks,
-            storePrefix: args.useIndexedDB === false ? null : RUST_SDK_STORE_PREFIX,
-            storeKey: args.storageKey,
-            storePassphrase: args.storagePassword,
-
-            legacyCryptoStore: this.cryptoStore,
-            legacyPickleKey: this.pickleKey ?? "DEFAULT_KEY",
-            legacyMigrationProgressListener: (progress: number, total: number): void => {
-                this.emit(CryptoEvent.LegacyCryptoStoreMigrationProgress, progress, total);
-            },
-        });
-
-        rustCrypto.setSupportedVerificationMethods(this.verificationMethods);
-
-        this.cryptoBackend = rustCrypto;
-
-        // attach the event listeners needed by RustCrypto
-        this.on(RoomMemberEvent.Membership, rustCrypto.onRoomMembership.bind(rustCrypto));
-        this.on(ClientEvent.Event, (event) => {
-            rustCrypto.onLiveEventFromSync(event);
-        });
-
-        // re-emit the events emitted by the crypto impl
-        this.reEmitter.reEmit(rustCrypto, [
-            CryptoEvent.VerificationRequestReceived,
-            CryptoEvent.UserTrustStatusChanged,
-            CryptoEvent.KeyBackupStatus,
-            CryptoEvent.KeyBackupSessionsRemaining,
-            CryptoEvent.KeyBackupFailed,
-            CryptoEvent.KeyBackupDecryptionKeyCached,
-            CryptoEvent.KeysChanged,
-            CryptoEvent.DevicesUpdated,
-            CryptoEvent.WillUpdateDevices,
-        ]);
-    }
-
-    /**
-     * Access the server-side secret storage API for this client.
-     */
-    public get secretStorage(): ServerSideSecretStorage {
-        return this._secretStorage;
-    }
-
-    /**
-     * Access the crypto API for this client.
-     *
-     * If end-to-end encryption has been enabled for this client (via {@link initCrypto} or {@link initRustCrypto}),
-     * returns an object giving access to the crypto API. Otherwise, returns `undefined`.
-     */
-    public getCrypto(): CryptoApi | undefined {
-        return this.cryptoBackend;
-    }
-
-    /**
-     * Is end-to-end crypto enabled for this client.
-     * @returns True if end-to-end is enabled.
-     * @deprecated prefer {@link getCrypto}
-     */
-    public isCryptoEnabled(): boolean {
-        return !!this.cryptoBackend;
-    }
-
-    /**
-     * Get the Ed25519 key for this device
-     *
-     * @returns base64-encoded ed25519 key. Null if crypto is
-     *    disabled.
-     *
-     * @deprecated Not supported for Rust Cryptography.Prefer {@link CryptoApi.getOwnDeviceKeys}
-     */
-    public getDeviceEd25519Key(): string | null {
-        return this.crypto?.getDeviceEd25519Key() ?? null;
-    }
-
-    /**
-     * Get the Curve25519 key for this device
-     *
-     * @returns base64-encoded curve25519 key. Null if crypto is
-     *    disabled.
-     *
-     * @deprecated Not supported for Rust Cryptography. Use {@link CryptoApi.getOwnDeviceKeys}
-     */
-    public getDeviceCurve25519Key(): string | null {
-        return this.crypto?.getDeviceCurve25519Key() ?? null;
-    }
-
-    /**
-     * @deprecated Does nothing.
-     */
-    public async uploadKeys(): Promise<void> {
-        this.logger.warn("MatrixClient.uploadKeys is deprecated");
-    }
-
-    /**
-     * Download the keys for a list of users and stores the keys in the session
-     * store.
-     * @param userIds - The users to fetch.
-     * @param forceDownload - Always download the keys even if cached.
-     *
-     * @returns A promise which resolves to a map userId-\>deviceId-\>`DeviceInfo`
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public downloadKeys(userIds: string[], forceDownload?: boolean): Promise<DeviceInfoMap> {
-        if (!this.crypto) {
-            return Promise.reject(new Error("End-to-end encryption disabled"));
-        }
-        return this.crypto.downloadKeys(userIds, forceDownload);
-    }
-
-    /**
-     * Get the stored device keys for a user id
-     *
-     * @param userId - the user to list keys for.
-     *
-     * @returns list of devices
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public getStoredDevicesForUser(userId: string): DeviceInfo[] {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getStoredDevicesForUser(userId) || [];
-    }
-
-    /**
-     * Get the stored device key for a user id and device id
-     *
-     * @param userId - the user to list keys for.
-     * @param deviceId - unique identifier for the device
-     *
-     * @returns device or null
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getUserDeviceInfo}
-     */
-    public getStoredDevice(userId: string, deviceId: string): DeviceInfo | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getStoredDevice(userId, deviceId) || null;
-    }
-
-    /**
-     * Mark the given device as verified
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param verified - whether to mark the device as verified. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link CryptoEvent#DeviceVerificationChanged}
-     */
-    public setDeviceVerified(userId: string, deviceId: string, verified = true): Promise<void> {
-        const prom = this.setDeviceVerification(userId, deviceId, verified, null, null);
-
-        // if one of the user's own devices is being marked as verified / unverified,
-        // check the key backup status, since whether or not we use this depends on
-        // whether it has a signature from a verified device
-        if (userId == this.credentials.userId) {
-            this.checkKeyBackup();
-        }
-        return prom;
-    }
-
-    /**
-     * Mark the given device as blocked/unblocked
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param blocked - whether to mark the device as blocked. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link LegacyCryptoEvent.DeviceVerificationChanged}
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public setDeviceBlocked(userId: string, deviceId: string, blocked = true): Promise<void> {
-        return this.setDeviceVerification(userId, deviceId, null, blocked, null);
-    }
-
-    /**
-     * Mark the given device as known/unknown
-     *
-     * @param userId - owner of the device
-     * @param deviceId - unique identifier for the device or user's
-     * cross-signing public key ID.
-     *
-     * @param known - whether to mark the device as known. defaults
-     *   to 'true'.
-     *
-     * @returns
-     *
-     * @remarks
-     * Fires {@link CryptoEvent#DeviceVerificationChanged}
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public setDeviceKnown(userId: string, deviceId: string, known = true): Promise<void> {
-        return this.setDeviceVerification(userId, deviceId, null, null, known);
-    }
-
-    private async setDeviceVerification(
-        userId: string,
-        deviceId: string,
-        verified?: boolean | null,
-        blocked?: boolean | null,
-        known?: boolean | null,
-    ): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        await this.crypto.setDeviceVerification(userId, deviceId, verified, blocked, known);
-    }
-
-    /**
-     * Request a key verification from another user, using a DM.
-     *
-     * @param userId - the user to request verification with
-     * @param roomId - the room to use for verification
-     *
-     * @returns resolves to a VerificationRequest
-     *    when the request has been sent to the other party.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.requestVerificationDM}.
-     */
-    public requestVerificationDM(userId: string, roomId: string): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestVerificationDM(userId, roomId);
-    }
-
-    /**
-     * Finds a DM verification request that is already in progress for the given room id
-     *
-     * @param roomId - the room to use for verification
-     *
-     * @returns the VerificationRequest that is in progress, if any
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.findVerificationRequestDMInProgress}.
-     */
-    public findVerificationRequestDMInProgress(roomId: string): VerificationRequest | undefined {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        } else if (!this.crypto) {
-            // Hack for element-R to avoid breaking the cypress tests. We can get rid of this once the react-sdk is
-            // updated to use CryptoApi.findVerificationRequestDMInProgress.
-            return undefined;
-        }
-        return this.crypto.findVerificationRequestDMInProgress(roomId);
-    }
-
-    /**
-     * Returns all to-device verification requests that are already in progress for the given user id
-     *
-     * @param userId - the ID of the user to query
-     *
-     * @returns the VerificationRequests that are in progress
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.getVerificationRequestsToDeviceInProgress}.
-     */
-    public getVerificationRequestsToDeviceInProgress(userId: string): VerificationRequest[] {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getVerificationRequestsToDeviceInProgress(userId);
-    }
-
-    /**
-     * Request a key verification from another user.
-     *
-     * @param userId - the user to request verification with
-     * @param devices - array of device IDs to send requests to.  Defaults to
-     *    all devices owned by the user
-     *
-     * @returns resolves to a VerificationRequest
-     *    when the request has been sent to the other party.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#requestOwnUserVerification} or {@link CryptoApi#requestDeviceVerification}.
-     */
-    public requestVerification(userId: string, devices?: string[]): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestVerification(userId, devices);
-    }
-
-    /**
-     * Begin a key verification.
-     *
-     * @param method - the verification method to use
-     * @param userId - the user to verify keys with
-     * @param deviceId - the device to verify
-     *
-     * @returns a verification object
-     * @deprecated Prefer {@link CryptoApi#requestOwnUserVerification} or {@link CryptoApi#requestDeviceVerification}.
-     */
-    public beginKeyVerification(method: string, userId: string, deviceId: string): Verification<any, any> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.beginKeyVerification(method, userId, deviceId);
-    }
-
-    /**
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#checkKey}.
-     */
-    public checkSecretStorageKey(key: Uint8Array, info: SecretStorageKeyDescription): Promise<boolean> {
-        return this.secretStorage.checkKey(key, info);
-    }
-
-    /**
-     * Set the global override for whether the client should ever send encrypted
-     * messages to unverified devices.  This provides the default for rooms which
-     * do not specify a value.
-     *
-     * @param value - whether to blacklist all unverified devices by default
-     *
-     * @deprecated Prefer direct access to {@link CryptoApi.globalBlacklistUnverifiedDevices}:
-     *
-     * ```javascript
-     * client.getCrypto().globalBlacklistUnverifiedDevices = value;
-     * ```
-     */
-    public setGlobalBlacklistUnverifiedDevices(value: boolean): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.globalBlacklistUnverifiedDevices = value;
-        return value;
-    }
-
-    /**
-     * @returns whether to blacklist all unverified devices by default
-     *
-     * @deprecated Prefer direct access to {@link CryptoApi.globalBlacklistUnverifiedDevices}:
-     *
-     * ```javascript
-     * value = client.getCrypto().globalBlacklistUnverifiedDevices;
-     * ```
-     */
-    public getGlobalBlacklistUnverifiedDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.globalBlacklistUnverifiedDevices;
-    }
-
-    /**
-     * Set whether sendMessage in a room with unknown and unverified devices
-     * should throw an error and not send them message. This has 'Global' for
-     * symmetry with setGlobalBlacklistUnverifiedDevices but there is currently
-     * no room-level equivalent for this setting.
-     *
-     * This API is currently UNSTABLE and may change or be removed without notice.
-     *
-     * It has no effect with the Rust crypto implementation.
-     *
-     * @param value - whether error on unknown devices
-     *
-     * ```ts
-     * client.getCrypto().globalErrorOnUnknownDevices = value;
-     * ```
-     */
-    public setGlobalErrorOnUnknownDevices(value: boolean): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.globalErrorOnUnknownDevices = value;
-    }
-
-    /**
-     * @returns whether to error on unknown devices
-     *
-     * This API is currently UNSTABLE and may change or be removed without notice.
-     */
-    public getGlobalErrorOnUnknownDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.globalErrorOnUnknownDevices;
-    }
-
-    /**
-     * Get the ID of one of the user's cross-signing keys
-     *
-     * @param type - The type of key to get the ID of.  One of
-     *     "master", "self_signing", or "user_signing".  Defaults to "master".
-     *
-     * @returns the key ID
-     * @deprecated Not supported for Rust Cryptography. prefer {@link Crypto.CryptoApi#getCrossSigningKeyId}
-     */
-    public getCrossSigningId(type: CrossSigningKey | string = CrossSigningKey.Master): string | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.getCrossSigningId(type);
-    }
-
-    /**
-     * Get the cross signing information for a given user.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - the user ID to get the cross-signing info for.
-     *
-     * @returns the cross signing information for the user.
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#userHasCrossSigningKeys}
-     */
-    public getStoredCrossSigningForUser(userId: string): CrossSigningInfo | null {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getStoredCrossSigningForUser(userId);
-    }
-
-    /**
-     * Check whether a given user is trusted.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - The ID of the user to check.
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.getUserVerificationStatus | `CryptoApi.getUserVerificationStatus`}
-     */
-    public checkUserTrust(userId: string): UserTrustLevel {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.checkUserTrust(userId);
-    }
-
-    /**
-     * Check whether a given device is trusted.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - The ID of the user whose devices is to be checked.
-     * @param deviceId - The ID of the device to check
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.getDeviceVerificationStatus | `CryptoApi.getDeviceVerificationStatus`}
-     */
-    public checkDeviceTrust(userId: string, deviceId: string): DeviceTrustLevel {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkDeviceTrust(userId, deviceId);
-    }
-
-    /**
-     * Check whether one of our own devices is cross-signed by our
-     * user's stored keys, regardless of whether we trust those keys yet.
-     *
-     * @param deviceId - The ID of the device to check
-     *
-     * @returns true if the device is cross-signed
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public checkIfOwnDeviceCrossSigned(deviceId: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkIfOwnDeviceCrossSigned(deviceId);
-    }
-
-    /**
-     * Check the copy of our cross-signing key that we have in the device list and
-     * see if we can get the private key. If so, mark it as trusted.
-     * @param opts - ICheckOwnCrossSigningTrustOpts object
-     *
-     * @deprecated Unneeded for the new crypto
-     */
-    public checkOwnCrossSigningTrust(opts?: ICheckOwnCrossSigningTrustOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.checkOwnCrossSigningTrust(opts);
-    }
-
-    /**
-     * Checks that a given cross-signing private key matches a given public key.
-     * This can be used by the getCrossSigningKey callback to verify that the
-     * private key it is about to supply is the one that was requested.
-     * @param privateKey - The private key
-     * @param expectedPublicKey - The public key
-     * @returns true if the key matches, otherwise false
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public checkCrossSigningPrivateKey(privateKey: Uint8Array, expectedPublicKey: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkCrossSigningPrivateKey(privateKey, expectedPublicKey);
-    }
-
-    /**
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi#requestDeviceVerification}.
-     */
-    public legacyDeviceVerification(userId: string, deviceId: string, method: string): Promise<VerificationRequest> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.legacyDeviceVerification(userId, deviceId, method);
-    }
-
-    /**
-     * Perform any background tasks that can be done before a message is ready to
-     * send, in order to speed up sending of the message.
-     * @param room - the room the event is in
-     *
-     * @deprecated Prefer {@link CryptoApi.prepareToEncrypt | `CryptoApi.prepareToEncrypt`}:
-     *
-     * ```javascript
-     * client.getCrypto().prepareToEncrypt(room);
-     * ```
-     */
-    public prepareToEncrypt(room: Room): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.prepareToEncrypt(room);
-    }
-
-    /**
-     * Checks if the user has previously published cross-signing keys
-     *
-     * This means downloading the devicelist for the user and checking if the list includes
-     * the cross-signing pseudo-device.
-     *
-     * @deprecated Prefer {@link CryptoApi.userHasCrossSigningKeys | `CryptoApi.userHasCrossSigningKeys`}:
-     *
-     * ```javascript
-     * result = client.getCrypto().userHasCrossSigningKeys();
-     * ```
-     */
-    public userHasCrossSigningKeys(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.userHasCrossSigningKeys();
-    }
-
-    /**
-     * Checks whether cross signing:
-     * - is enabled on this account and trusted by this device
-     * - has private keys either cached locally or stored in secret storage
-     *
-     * If this function returns false, bootstrapCrossSigning() can be used
-     * to fix things such that it returns true. That is to say, after
-     * bootstrapCrossSigning() completes successfully, this function should
-     * return true.
-     * @returns True if cross-signing is ready to be used on this device
-     * @deprecated Prefer {@link CryptoApi.isCrossSigningReady | `CryptoApi.isCrossSigningReady`}:
-     */
-    public isCrossSigningReady(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.isCrossSigningReady();
-    }
-
-    /**
-     * Bootstrap cross-signing by creating keys if needed. If everything is already
-     * set up, then no changes are made, so this is safe to run to ensure
-     * cross-signing is ready for use.
-     *
-     * This function:
-     * - creates new cross-signing keys if they are not found locally cached nor in
-     *   secret storage (if it has been set up)
-     *
-     * @deprecated Prefer {@link CryptoApi.bootstrapCrossSigning | `CryptoApi.bootstrapCrossSigning`}.
-     */
-    public bootstrapCrossSigning(opts: BootstrapCrossSigningOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.bootstrapCrossSigning(opts);
-    }
-
-    /**
-     * Whether to trust a others users signatures of their devices.
-     * If false, devices will only be considered 'verified' if we have
-     * verified that device individually (effectively disabling cross-signing).
-     *
-     * Default: true
-     *
-     * @returns True if trusting cross-signed devices
-     *
-     * @deprecated Prefer {@link CryptoApi.getTrustCrossSignedDevices | `CryptoApi.getTrustCrossSignedDevices`}.
-     */
-    public getCryptoTrustCrossSignedDevices(): boolean {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getTrustCrossSignedDevices();
-    }
-
-    /**
-     * See getCryptoTrustCrossSignedDevices
-     *
-     * @param val - True to trust cross-signed devices
-     *
-     * @deprecated Prefer {@link CryptoApi.setTrustCrossSignedDevices | `CryptoApi.setTrustCrossSignedDevices`}.
-     */
-    public setCryptoTrustCrossSignedDevices(val: boolean): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        this.cryptoBackend.setTrustCrossSignedDevices(val);
-    }
-
-    /**
-     * Counts the number of end to end session keys that are waiting to be backed up
-     * @returns Promise which resolves to the number of sessions requiring backup
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public countSessionsNeedingBackup(): Promise<number> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.countSessionsNeedingBackup();
-    }
-
-    /**
-     * Get information about the encryption of an event
-     *
-     * @param event - event to be checked
-     * @returns The event information.
-     * @deprecated Prefer {@link Crypto.CryptoApi.getEncryptionInfoForEvent | `CryptoApi.getEncryptionInfoForEvent`}.
-     */
-    public getEventEncryptionInfo(event: MatrixEvent): IEncryptedEventInfo {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.getEventEncryptionInfo(event);
-    }
-
-    /**
-     * Create a recovery key from a user-supplied passphrase.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param password - Passphrase string that can be entered by the user
-     *     when restoring the backup as an alternative to entering the recovery key.
-     *     Optional.
-     * @returns Object with public key metadata, encoded private
-     *     recovery key which should be disposed of after displaying to the user,
-     *     and raw private key to avoid round tripping if needed.
-     *
-     * @deprecated Prefer {@link CryptoApi.createRecoveryKeyFromPassphrase | `CryptoApi.createRecoveryKeyFromPassphrase`}.
-     */
-    public createRecoveryKeyFromPassphrase(password?: string): Promise<IRecoveryKey> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.createRecoveryKeyFromPassphrase(password);
-    }
-
-    /**
-     * Checks whether secret storage:
-     * - is enabled on this account
-     * - is storing cross-signing private keys
-     * - is storing session backup key (if enabled)
-     *
-     * If this function returns false, bootstrapSecretStorage() can be used
-     * to fix things such that it returns true. That is to say, after
-     * bootstrapSecretStorage() completes successfully, this function should
-     * return true.
-     *
-     * @returns True if secret storage is ready to be used on this device
-     * @deprecated Prefer {@link CryptoApi.isSecretStorageReady | `CryptoApi.isSecretStorageReady`}.
-     */
-    public isSecretStorageReady(): Promise<boolean> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.isSecretStorageReady();
-    }
-
-    /**
-     * Bootstrap Secure Secret Storage if needed by creating a default key. If everything is
-     * already set up, then no changes are made, so this is safe to run to ensure secret
-     * storage is ready for use.
-     *
-     * This function
-     * - creates a new Secure Secret Storage key if no default key exists
-     *   - if a key backup exists, it is migrated to store the key in the Secret
-     *     Storage
-     * - creates a backup if none exists, and one is requested
-     * - migrates Secure Secret Storage to use the latest algorithm, if an outdated
-     *   algorithm is found
-     *
-     * @deprecated Use {@link CryptoApi.bootstrapSecretStorage | `CryptoApi.bootstrapSecretStorage`}.
-     */
-    public bootstrapSecretStorage(opts: ICreateSecretStorageOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.bootstrapSecretStorage(opts);
-    }
-
-    /**
-     * Add a key for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param algorithm - the algorithm used by the key
-     * @param opts - the options for the algorithm.  The properties used
-     *     depend on the algorithm given.
-     * @param keyName - the name of the key.  If not given, a random name will be generated.
-     *
-     * @returns An object with:
-     *     keyId: the ID of the key
-     *     keyInfo: details about the key (iv, mac, passphrase)
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#addKey}.
-     */
-    public addSecretStorageKey(
-        algorithm: string,
-        opts: AddSecretStorageKeyOpts,
-        keyName?: string,
-    ): Promise<{ keyId: string; keyInfo: SecretStorageKeyDescription }> {
-        return this.secretStorage.addKey(algorithm, opts, keyName);
-    }
-
-    /**
-     * Check whether we have a key with a given ID.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param keyId - The ID of the key to check
-     *     for. Defaults to the default key ID if not provided.
-     * @returns Whether we have the key.
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#hasKey}.
-     */
-    public hasSecretStorageKey(keyId?: string): Promise<boolean> {
-        return this.secretStorage.hasKey(keyId);
-    }
-
-    /**
-     * Store an encrypted secret on the server.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - The name of the secret
-     * @param secret - The secret contents.
-     * @param keys - The IDs of the keys to use to encrypt the secret or null/undefined
-     *     to use the default (will throw if no default key is set).
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#store}.
-     */
-    public storeSecret(name: string, secret: string, keys?: string[]): Promise<void> {
-        return this.secretStorage.store(name, secret, keys);
-    }
-
-    /**
-     * Get a secret from storage.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret
-     *
-     * @returns the contents of the secret
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#get}.
-     */
-    public getSecret(name: string): Promise<string | undefined> {
-        return this.secretStorage.get(name);
-    }
-
-    /**
-     * Check if a secret is stored on the server.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret
-     * @returns map of key name to key info the secret is encrypted
-     *     with, or null if it is not present or not encrypted with a trusted
-     *     key
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#isStored}.
-     */
-    public isSecretStored(name: string): Promise<Record<string, SecretStorageKeyDescription> | null> {
-        return this.secretStorage.isStored(name);
-    }
-
-    /**
-     * Request a secret from another device.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param name - the name of the secret to request
-     * @param devices - the devices to request the secret from
-     *
-     * @returns the secret request object
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public requestSecret(name: string, devices: string[]): ISecretRequest {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.requestSecret(name, devices);
-    }
-
-    /**
-     * Get the current default key ID for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @returns The default key ID or null if no default key ID is set
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#getDefaultKeyId}.
-     */
-    public getDefaultSecretStorageKeyId(): Promise<string | null> {
-        return this.secretStorage.getDefaultKeyId();
-    }
-
-    /**
-     * Set the current default key ID for encrypting secrets.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param keyId - The new default key ID
-     *
-     * @deprecated Use {@link MatrixClient#secretStorage} and {@link SecretStorage.ServerSideSecretStorage#setDefaultKeyId}.
-     */
-    public setDefaultSecretStorageKeyId(keyId: string): Promise<void> {
-        return this.secretStorage.setDefaultKeyId(keyId);
-    }
-
-    /**
-     * Checks that a given secret storage private key matches a given public key.
-     * This can be used by the getSecretStorageKey callback to verify that the
-     * private key it is about to supply is the one that was requested.
-     *
-     * The Secure Secret Storage API is currently UNSTABLE and may change without notice.
-     *
-     * @param privateKey - The private key
-     * @param expectedPublicKey - The public key
-     * @returns true if the key matches, otherwise false
-     *
-     * @deprecated The use of asymmetric keys for SSSS is deprecated.
-     *     Use {@link SecretStorage.ServerSideSecretStorage#checkKey} for symmetric keys.
-     */
-    public checkSecretStoragePrivateKey(privateKey: Uint8Array, expectedPublicKey: string): boolean {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.checkSecretStoragePrivateKey(privateKey, expectedPublicKey);
-    }
-
-    /**
-     * Get e2e information on the device that sent an event
-     *
-     * @param event - event to be checked
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async getEventSenderDeviceInfo(event: MatrixEvent): Promise<DeviceInfo | null> {
-        if (!this.crypto) {
-            return null;
-        }
-        return this.crypto.getEventSenderDeviceInfo(event);
-    }
-
-    /**
-     * Check if the sender of an event is verified
-     *
-     * @param event - event to be checked
-     *
-     * @returns true if the sender of this event has been verified using
-     * {@link MatrixClient#setDeviceVerified}.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public async isEventSenderVerified(event: MatrixEvent): Promise<boolean> {
-        const device = await this.getEventSenderDeviceInfo(event);
-        if (!device) {
-            return false;
-        }
-        return device.isVerified();
-    }
-
-    /**
-     * Get outgoing room key request for this event if there is one.
-     * @param event - The event to check for
-     *
-     * @returns A room key request, or null if there is none
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public getOutgoingRoomKeyRequest(event: MatrixEvent): Promise<OutgoingRoomKeyRequest | null> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        const wireContent = event.getWireContent();
-        const requestBody: IRoomKeyRequestBody = {
-            session_id: wireContent.session_id,
-            sender_key: wireContent.sender_key,
-            algorithm: wireContent.algorithm,
-            room_id: event.getRoomId()!,
-        };
-        if (!requestBody.session_id || !requestBody.sender_key || !requestBody.algorithm || !requestBody.room_id) {
-            return Promise.resolve(null);
-        }
-        return this.crypto.cryptoStore.getOutgoingRoomKeyRequest(requestBody);
-    }
-
-    /**
-     * Cancel a room key request for this event if one is ongoing and resend the
-     * request.
-     * @param event - event of which to cancel and resend the room
-     *                            key request.
-     * @returns A promise that will resolve when the key request is queued
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public cancelAndResendEventRoomKeyRequest(event: MatrixEvent): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return event.cancelAndResendKeyRequest(this.crypto, this.getUserId()!);
-    }
-
-    /**
-     * Enable end-to-end encryption for a room. This does not modify room state.
-     * Any messages sent before the returned promise resolves will be sent unencrypted.
-     * @param roomId - The room ID to enable encryption in.
-     * @param config - The encryption config for the room.
-     * @returns A promise that will resolve when encryption is set up.
-     *
-     * @deprecated Not supported for Rust Cryptography. To enable encryption in a room, send an `m.room.encryption`
-     * state event.
-     */
-    public setRoomEncryption(roomId: string, config: IRoomEncryption): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return this.crypto.setRoomEncryption(roomId, config);
-    }
-
-    /**
-     * Whether encryption is enabled for a room.
-     * @param roomId - the room id to query.
-     * @returns whether encryption is enabled.
-     *
-     * @deprecated Not correctly supported for Rust Cryptography. Use {@link CryptoApi.isEncryptionEnabledInRoom} and/or
-     *    {@link Room.hasEncryptionStateEvent}.
-     */
-    public isRoomEncrypted(roomId: string): boolean {
-        const room = this.getRoom(roomId);
-        if (!room) {
-            // we don't know about this room, so can't determine if it should be
-            // encrypted. Let's assume not.
-            return false;
-        }
-
-        // if there is an 'm.room.encryption' event in this room, it should be
-        // encrypted (independently of whether we actually support encryption)
-        if (room.hasEncryptionStateEvent()) {
-            return true;
-        }
-
-        // we don't have an m.room.encrypted event, but that might be because
-        // the server is hiding it from us. Check the store to see if it was
-        // previously encrypted.
-        return this.crypto?.isRoomEncrypted(roomId) ?? false;
-    }
-
-    /**
-     * Encrypts and sends a given object via Olm to-device messages to a given
-     * set of devices.
-     *
-     * @param userDeviceInfoArr - list of deviceInfo objects representing the devices to send to
-     *
-     * @param payload - fields to include in the encrypted payload
-     *
-     * @returns Promise which
-     *     resolves once the message has been encrypted and sent to the given
-     *     userDeviceMap, and returns the `{ contentMap, deviceInfoByDeviceId }`
-     *     of the successfully sent messages.
-     *
-     * @deprecated Instead use {@link CryptoApi.encryptToDeviceMessages} followed by {@link queueToDevice}.
-     */
-    public encryptAndSendToDevices(userDeviceInfoArr: IOlmDevice<DeviceInfo>[], payload: object): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        return this.crypto.encryptAndSendToDevices(userDeviceInfoArr, payload);
-    }
-
-    /**
-     * Forces the current outbound group session to be discarded such
-     * that another one will be created next time an event is sent.
-     *
-     * @param roomId - The ID of the room to discard the session for
-     *
-     * @deprecated Prefer {@link CryptoApi.forceDiscardSession | `CryptoApi.forceDiscardSession`}:
-     */
-    public forceDiscardSession(roomId: string): void {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-End encryption disabled");
-        }
-        this.cryptoBackend.forceDiscardSession(roomId);
-    }
-
-    /**
-     * Get a list containing all of the room keys
-     *
-     * This should be encrypted before returning it to the user.
-     *
-     * @returns a promise which resolves to a list of session export objects
-     *
-     * @deprecated Prefer {@link CryptoApi.exportRoomKeys | `CryptoApi.exportRoomKeys`}:
-     *
-     * ```javascript
-     * sessionData = await client.getCrypto().exportRoomKeys();
-     * ```
-     */
-    public exportRoomKeys(): Promise<IMegolmSessionData[]> {
-        if (!this.cryptoBackend) {
-            return Promise.reject(new Error("End-to-end encryption disabled"));
-        }
-        return this.cryptoBackend.exportRoomKeys();
-    }
-
-    /**
-     * Import a list of room keys previously exported by exportRoomKeys
-     *
-     * @param keys - a list of session export objects
-     * @param opts - options object
-     *
-     * @returns a promise which resolves when the keys have been imported
-     *
-     * @deprecated Prefer {@link CryptoApi.importRoomKeys | `CryptoApi.importRoomKeys`}:
-     * ```javascript
-     *  await client.getCrypto()?.importRoomKeys([..]);
-     * ```
-     */
-    public importRoomKeys(keys: IMegolmSessionData[], opts?: ImportRoomKeysOpts): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.cryptoBackend.importRoomKeys(keys, opts);
-    }
-
-    /**
-     * Force a re-check of the local key backup status against
-     * what's on the server.
-     *
-     * @returns Object with backup info (as returned by
-     *     getKeyBackupVersion) in backupInfo and
-     *     trust information (as returned by isKeyBackupTrusted)
-     *     in trustInfo.
-     *
-     * @deprecated Prefer {@link Crypto.CryptoApi.checkKeyBackupAndEnable}.
-     */
-    public checkKeyBackup(): Promise<IKeyBackupCheck | null> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.checkKeyBackup();
-    }
-
-    /**
-     * Get information about the current key backup from the server.
-     *
-     * Performs some basic validity checks on the shape of the result, and raises an error if it is not as expected.
-     *
-     * **Note**: there is no (supported) way to distinguish between "failure to talk to the server" and "another client
-     * uploaded a key backup version using an algorithm I don't understand.
-     *
-     * @returns Information object from API, or null if no backup is present on the server.
-     *
-     * @deprecated Prefer {@link CryptoApi.getKeyBackupInfo}.
-     */
-    public async getKeyBackupVersion(): Promise<IKeyBackupInfo | null> {
-        let res: IKeyBackupInfo;
-        try {
-            res = await this.http.authedRequest<IKeyBackupInfo>(
-                Method.Get,
-                "/room_keys/version",
-                undefined,
-                undefined,
-                { prefix: ClientPrefix.V3 },
-            );
-        } catch (e) {
-            if ((<MatrixError>e).errcode === "M_NOT_FOUND") {
-                return null;
-            } else {
-                throw e;
-            }
-        }
-        BackupManager.checkBackupVersion(res);
-        return res;
-    }
-
-    /**
-     * @param info - key backup info dict from getKeyBackupVersion()
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer {@link CryptoApi.isKeyBackupTrusted | `CryptoApi.isKeyBackupTrusted`}.
-     */
-    public isKeyBackupTrusted(info: IKeyBackupInfo): Promise<TrustInfo> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.isKeyBackupTrusted(info);
-    }
-
-    /**
-     * @returns true if the client is configured to back up keys to
-     *     the server, otherwise false. If we haven't completed a successful check
-     *     of key backup status yet, returns null.
-     *
-     * @deprecated Not supported for Rust Cryptography. Prefer direct access to {@link Crypto.CryptoApi.getActiveSessionBackupVersion}:
-     *
-     * ```javascript
-     * let enabled = (await client.getCrypto().getActiveSessionBackupVersion()) !== null;
-     * ```
-     */
-    public getKeyBackupEnabled(): boolean | null {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        return this.crypto.backupManager.getKeyBackupEnabled();
-    }
-
-    /**
-     * Enable backing up of keys, using data previously returned from
-     * getKeyBackupVersion.
-     *
-     * @param info - Backup information object as returned by getKeyBackupVersion
-     * @returns Promise which resolves when complete.
-     *
-     * @deprecated Do not call this directly. Instead call {@link Crypto.CryptoApi.checkKeyBackupAndEnable}.
-     */
-    public enableKeyBackup(info: IKeyBackupInfo): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        return this.crypto.backupManager.enableKeyBackup(info);
-    }
-
-    /**
-     * Disable backing up of keys.
-     *
-     * @deprecated Not supported for Rust Cryptography. It should be unnecessary to disable key backup.
-     */
-    public disableKeyBackup(): void {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        this.crypto.backupManager.disableKeyBackup();
-    }
-
-    /**
-     * Set up the data required to create a new backup version.  The backup version
-     * will not be created and enabled until createKeyBackupVersion is called.
-     *
-     * @param password - Passphrase string that can be entered by the user
-     *     when restoring the backup as an alternative to entering the recovery key.
-     *     Optional.
-     *
-     * @returns Object that can be passed to createKeyBackupVersion and
-     *     additionally has a 'recovery_key' member with the user-facing recovery key string.
-     *
-     * @deprecated Not supported for Rust cryptography. Use {@link Crypto.CryptoApi.resetKeyBackup | `CryptoApi.resetKeyBackup`}.
-     */
-    public async prepareKeyBackupVersion(
-        password?: string | Uint8Array | null,
-        opts: IKeyBackupPrepareOpts = { secureSecretStorage: false },
-    ): Promise<Pick<IPreparedKeyBackupVersion, "algorithm" | "auth_data" | "recovery_key">> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        // eslint-disable-next-line camelcase
-        const { algorithm, auth_data, recovery_key, privateKey } =
-            await this.crypto.backupManager.prepareKeyBackupVersion(password);
-
-        if (opts.secureSecretStorage) {
-            await this.secretStorage.store("m.megolm_backup.v1", encodeBase64(privateKey));
-            this.logger.info("Key backup private key stored in secret storage");
-        }
-
-        return {
-            algorithm,
-            /* eslint-disable camelcase */
-            auth_data,
-            recovery_key,
-            /* eslint-enable camelcase */
-        };
-    }
-
-    /**
-     * Check whether the key backup private key is stored in secret storage.
-     * @returns map of key name to key info the secret is
-     *     encrypted with, or null if it is not present or not encrypted with a
-     *     trusted key
-     */
-    public isKeyBackupKeyStored(): Promise<Record<string, SecretStorageKeyDescription> | null> {
-        return Promise.resolve(this.secretStorage.isStored("m.megolm_backup.v1"));
-    }
-
-    /**
-     * Create a new key backup version and enable it, using the information return
-     * from prepareKeyBackupVersion.
-     *
-     * @param info - Info object from prepareKeyBackupVersion
-     * @returns Object with 'version' param indicating the version created
-     *
-     * @deprecated Use {@link Crypto.CryptoApi.resetKeyBackup | `CryptoApi.resetKeyBackup`}.
-     */
-    public async createKeyBackupVersion(info: IKeyBackupInfo): Promise<IKeyBackupInfo> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.crypto.backupManager.createKeyBackupVersion(info);
-
-        const data = {
-            algorithm: info.algorithm,
-            auth_data: info.auth_data,
-        };
-
-        // Sign the backup auth data with the device key for backwards compat with
-        // older devices with cross-signing. This can probably go away very soon in
-        // favour of just signing with the cross-singing master key.
-        // XXX: Private member access
-        await this.crypto.signObject(data.auth_data);
-
-        if (
-            this.cryptoCallbacks.getCrossSigningKey &&
-            // XXX: Private member access
-            this.crypto.crossSigningInfo.getId()
-        ) {
-            // now also sign the auth data with the cross-signing master key
-            // we check for the callback explicitly here because we still want to be able
-            // to create an un-cross-signed key backup if there is a cross-signing key but
-            // no callback supplied.
-            // XXX: Private member access
-            await this.crypto.crossSigningInfo.signObject(data.auth_data, "master");
-        }
-
-        const res = await this.http.authedRequest<IKeyBackupInfo>(Method.Post, "/room_keys/version", undefined, data);
-
-        // We could assume everything's okay and enable directly, but this ensures
-        // we run the same signature verification that will be used for future
-        // sessions.
-        await this.checkKeyBackup();
-        if (!this.getKeyBackupEnabled()) {
-            this.logger.error("Key backup not usable even though we just created it");
-        }
-
-        return res;
-    }
-
-    /**
-     * @deprecated Use {@link Crypto.CryptoApi.deleteKeyBackupVersion | `CryptoApi.deleteKeyBackupVersion`}.
-     */
-    public async deleteKeyBackupVersion(version: string): Promise<void> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.cryptoBackend.deleteKeyBackupVersion(version);
-    }
-
-    private makeKeyBackupPath(roomId?: string, sessionId?: string, version?: string): IKeyBackupPath {
-        let path: string;
-        if (sessionId !== undefined) {
-            path = utils.encodeUri("/room_keys/keys/$roomId/$sessionId", {
-                $roomId: roomId!,
-                $sessionId: sessionId,
-            });
-        } else if (roomId !== undefined) {
-            path = utils.encodeUri("/room_keys/keys/$roomId", {
-                $roomId: roomId,
-            });
-        } else {
-            path = "/room_keys/keys";
-        }
-        const queryData = version === undefined ? undefined : { version };
-        return { path, queryData };
-    }
-
-    /**
-     * Back up session keys to the homeserver.
-     * @param roomId - ID of the room that the keys are for Optional.
-     * @param sessionId - ID of the session that the keys are for Optional.
-     * @param version - backup version Optional.
-     * @param data - Object keys to send
-     * @returns a promise that will resolve when the keys
-     * are uploaded
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public sendKeyBackup(
-        roomId: undefined,
-        sessionId: undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public sendKeyBackup(
-        roomId: string,
-        sessionId: undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public sendKeyBackup(
-        roomId: string,
-        sessionId: string,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void>;
-    public async sendKeyBackup(
-        roomId: string | undefined,
-        sessionId: string | undefined,
-        version: string | undefined,
-        data: IKeyBackup,
-    ): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        const path = this.makeKeyBackupPath(roomId!, sessionId!, version);
-        await this.http.authedRequest(Method.Put, path.path, path.queryData, data, { prefix: ClientPrefix.V3 });
-    }
-
-    /**
-     * Marks all group sessions as needing to be backed up and schedules them to
-     * upload in the background as soon as possible.
-     *
-     * @deprecated Not supported for Rust Cryptography. This is done automatically as part of
-     * {@link CryptoApi.resetKeyBackup}, so there is probably no need to call this manually.
-     */
-    public async scheduleAllGroupSessionsForBackup(): Promise<void> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        await this.crypto.backupManager.scheduleAllGroupSessionsForBackup();
-    }
-
-    /**
-     * Marks all group sessions as needing to be backed up without scheduling
-     * them to upload in the background.
-     *
-     * (This is done automatically as part of {@link CryptoApi.resetKeyBackup},
-     * so there is probably no need to call this manually.)
-     *
-     * @returns Promise which resolves to the number of sessions requiring a backup.
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public flagAllGroupSessionsForBackup(): Promise<number> {
-        if (!this.crypto) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        return this.crypto.backupManager.flagAllGroupSessionsForBackup();
-    }
-
-    /**
-     * Return true if recovery key is valid.
-     * Try to decode the recovery key and check if it's successful.
-     * @param recoveryKey
-     * @deprecated Use {@link decodeRecoveryKey} directly
-     */
-    public isValidRecoveryKey(recoveryKey: string): boolean {
-        try {
-            decodeRecoveryKey(recoveryKey);
-            return true;
-        } catch {
-            return false;
-        }
-    }
-
-    /**
-     * Get the raw key for a key backup from the password
-     * Used when migrating key backups into SSSS
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param password - Passphrase
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @returns key backup key
-     * @deprecated Deriving a backup key from a passphrase is not part of the matrix spec. Instead, a random key is generated and stored/shared via 4S.
-     */
-    public keyBackupKeyFromPassword(password: string, backupInfo: IKeyBackupInfo): Promise<Uint8Array> {
-        return keyFromAuthData(backupInfo.auth_data, password);
-    }
-
-    /**
-     * Get the raw key for a key backup from the recovery key
-     * Used when migrating key backups into SSSS
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param recoveryKey - The recovery key
-     * @returns key backup key
-     * @deprecated Use {@link decodeRecoveryKey} directly
-     */
-    public keyBackupKeyFromRecoveryKey(recoveryKey: string): Uint8Array {
-        return decodeRecoveryKey(recoveryKey);
-    }
-
-    /**
-     * Restore from an existing key backup via a passphrase.
-     *
-     * @param password - Passphrase
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param backupInfo - Backup metadata from `getKeyBackupVersion` or `checkKeyBackup`.`backupInfo`
-     * @param opts - Optional params such as callbacks
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackupWithPassphrase | `CryptoApi.restoreKeyBackupWithPassphrase`}.
-     */
-    public async restoreKeyBackupWithPassword(
-        password: string,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const privKey = await keyFromAuthData(backupInfo.auth_data, password);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via a private key stored in secret
-     * storage.
-     *
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param opts - Optional params such as callbacks
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithSecretStorage(
-        backupInfo: IKeyBackupInfo,
-        targetRoomId?: string,
-        targetSessionId?: string,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        const storedKey = await this.secretStorage.get("m.megolm_backup.v1");
-
-        // ensure that the key is in the right format.  If not, fix the key and
-        // store the fixed version
-        const fixedKey = fixBackupKey(storedKey);
-        if (fixedKey) {
-            const keys = await this.secretStorage.getKey();
-            await this.secretStorage.store("m.megolm_backup.v1", fixedKey, [keys![0]]);
-        }
-
-        const privKey = decodeBase64(fixedKey || storedKey!);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via an encoded recovery key.
-     *
-     * @param recoveryKey - Encoded recovery key
-     * @param targetRoomId - Room ID to target a specific room.
-     * Restores all rooms if omitted.
-     * @param targetSessionId - Session ID to target a specific session.
-     * Restores all sessions if omitted.
-     * @param backupInfo - Backup metadata from `checkKeyBackup`
-     * @param opts - Optional params such as callbacks
-
-     * @returns Status of restoration with `total` and `imported`
-     * key counts.
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public restoreKeyBackupWithRecoveryKey(
-        recoveryKey: string,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const privKey = decodeRecoveryKey(recoveryKey);
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    /**
-     * Restore from an existing key backup via a private key stored locally
-     * @param targetRoomId
-     * @param targetSessionId
-     * @param backupInfo
-     * @param opts
-     *
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    /**
-     * @deprecated Prefer {@link CryptoApi.restoreKeyBackup | `CryptoApi.restoreKeyBackup`}.
-     */
-    public async restoreKeyBackupWithCache(
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-        const privKey = await this.cryptoBackend.getSessionBackupPrivateKey();
-        if (!privKey) {
-            throw new Error("Couldn't get key");
-        }
-        return this.restoreKeyBackup(privKey, targetRoomId!, targetSessionId!, backupInfo, opts);
-    }
-
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: undefined,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string,
-        targetSessionId: undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string,
-        targetSessionId: string,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult>;
-    private async restoreKeyBackup(
-        privKey: ArrayLike<number>,
-        targetRoomId: string | undefined,
-        targetSessionId: string | undefined,
-        backupInfo: IKeyBackupInfo,
-        opts?: IKeyBackupRestoreOpts,
-    ): Promise<IKeyBackupRestoreResult> {
-        const cacheCompleteCallback = opts?.cacheCompleteCallback;
-        const progressCallback = opts?.progressCallback;
-
-        if (!this.cryptoBackend) {
-            throw new Error("End-to-end encryption disabled");
-        }
-
-        if (!backupInfo.version) {
-            throw new Error("Backup version must be defined");
-        }
-        const backupVersion = backupInfo.version!;
-
-        let totalKeyCount = 0;
-        let totalFailures = 0;
-        let totalImported = 0;
-
-        const path = this.makeKeyBackupPath(targetRoomId, targetSessionId, backupVersion);
-
-        const backupDecryptor = await this.cryptoBackend.getBackupDecryptor(backupInfo, privKey);
-
-        const untrusted = !backupDecryptor.sourceTrusted;
-
-        try {
-            if (!(privKey instanceof Uint8Array)) {
-                // eslint-disable-next-line @typescript-eslint/no-base-to-string
-                throw new Error(`restoreKeyBackup expects Uint8Array, got ${privKey}`);
-            }
-            // Cache the key, if possible.
-            // This is async.
-            this.cryptoBackend
-                .storeSessionBackupPrivateKey(privKey, backupVersion)
-                .catch((e) => {
-                    this.logger.warn("Error caching session backup key:", e);
-                })
-                .then(cacheCompleteCallback);
-
-            if (progressCallback) {
-                progressCallback({
-                    stage: "fetch",
-                });
-            }
-
-            const res = await this.http.authedRequest<IRoomsKeysResponse | IRoomKeysResponse | IKeyBackupSession>(
-                Method.Get,
-                path.path,
-                path.queryData,
-                undefined,
-                { prefix: ClientPrefix.V3 },
-            );
-
-            // We have finished fetching the backup, go to next step
-            if (progressCallback) {
-                progressCallback({
-                    stage: "load_keys",
-                });
-            }
-
-            if ((res as IRoomsKeysResponse).rooms) {
-                // We have a full backup here, it can get quite big, so we need to decrypt and import it in chunks.
-
-                // Get the total count as a first pass
-                totalKeyCount = this.getTotalKeyCount(res as IRoomsKeysResponse);
-                // Now decrypt and import the keys in chunks
-                await this.handleDecryptionOfAFullBackup(
-                    res as IRoomsKeysResponse,
-                    backupDecryptor,
-                    200,
-                    async (chunk) => {
-                        // We have a chunk of decrypted keys: import them
-                        try {
-                            const backupVersion = backupInfo.version!;
-                            await this.cryptoBackend!.importBackedUpRoomKeys(chunk, backupVersion, {
-                                untrusted,
-                            });
-                            totalImported += chunk.length;
-                        } catch (e) {
-                            totalFailures += chunk.length;
-                            // We failed to import some keys, but we should still try to import the rest?
-                            // Log the error and continue
-                            logger.error("Error importing keys from backup", e);
-                        }
-
-                        if (progressCallback) {
-                            progressCallback({
-                                total: totalKeyCount,
-                                successes: totalImported,
-                                stage: "load_keys",
-                                failures: totalFailures,
-                            });
-                        }
-                    },
-                );
-            } else if ((res as IRoomKeysResponse).sessions) {
-                // For now we don't chunk for a single room backup, but we could in the future.
-                // Currently it is not used by the application.
-                const sessions = (res as IRoomKeysResponse).sessions;
-                totalKeyCount = Object.keys(sessions).length;
-                const keys = await backupDecryptor.decryptSessions(sessions);
-                for (const k of keys) {
-                    k.room_id = targetRoomId!;
-                }
-                await this.cryptoBackend.importBackedUpRoomKeys(keys, backupVersion, {
-                    progressCallback,
-                    untrusted,
-                });
-                totalImported = keys.length;
-            } else {
-                totalKeyCount = 1;
-                try {
-                    const [key] = await backupDecryptor.decryptSessions({
-                        [targetSessionId!]: res as IKeyBackupSession,
-                    });
-                    key.room_id = targetRoomId!;
-                    key.session_id = targetSessionId!;
-
-                    await this.cryptoBackend.importBackedUpRoomKeys([key], backupVersion, {
-                        progressCallback,
-                        untrusted,
-                    });
-                    totalImported = 1;
-                } catch (e) {
-                    this.logger.debug("Failed to decrypt megolm session from backup", e);
-                }
-            }
-        } finally {
-            backupDecryptor.free();
-        }
+    public setGuest(guest: boolean): void {
+        this.isGuestAccount = guest;
+    }
 
-        /// in case entering the passphrase would add a new signature?
-        await this.cryptoBackend.checkKeyBackupAndEnable();
+    /**
+     * Return the provided scheduler, if any.
+     * @returns The scheduler or undefined
+     */
+    public getScheduler(): MatrixScheduler | undefined {
+        return this.scheduler;
+    }
 
-        return { total: totalKeyCount, imported: totalImported };
+    /**
+     * Retry a backed off syncing request immediately. This should only be used when
+     * the user <b>explicitly</b> attempts to retry their lost connection.
+     * Will also retry any outbound to-device messages currently in the queue to be sent
+     * (retries of regular outgoing events are handled separately, per-event).
+     * @returns True if this resulted in a request being retried.
+     */
+    public retryImmediately(): boolean {
+        // don't await for this promise: we just want to kick it off
+        this.toDeviceMessageQueue.sendQueue();
+        return this.syncApi?.retryImmediately() ?? false;
     }
 
     /**
-     * This method calculates the total number of keys present in the response of a `/room_keys/keys` call.
-     *
-     * @param res - The response from the server containing the keys to be counted.
+     * Return the global notification EventTimelineSet, if any
      *
-     * @returns The total number of keys in the backup.
+     * @returns the globl notification EventTimelineSet
      */
-    private getTotalKeyCount(res: IRoomsKeysResponse): number {
-        const rooms = res.rooms;
-        let totalKeyCount = 0;
-        for (const roomData of Object.values(rooms)) {
-            if (!roomData.sessions) continue;
-            totalKeyCount += Object.keys(roomData.sessions).length;
-        }
-        return totalKeyCount;
+    public getNotifTimelineSet(): EventTimelineSet | null {
+        return this.notifTimelineSet;
     }
 
     /**
-     * This method handles the decryption of a full backup, i.e a call to `/room_keys/keys`.
-     * It will decrypt the keys in chunks and call the `block` callback for each chunk.
-     *
-     * @param res - The response from the server containing the keys to be decrypted.
-     * @param backupDecryptor - An instance of the BackupDecryptor class used to decrypt the keys.
-     * @param chunkSize - The size of the chunks to be processed at a time.
-     * @param block - A callback function that is called for each chunk of keys.
+     * Set the global notification EventTimelineSet
      *
-     * @returns A promise that resolves when the decryption is complete.
      */
-    private async handleDecryptionOfAFullBackup(
-        res: IRoomsKeysResponse,
-        backupDecryptor: BackupDecryptor,
-        chunkSize: number,
-        block: (chunk: IMegolmSessionData[]) => Promise<void>,
-    ): Promise<void> {
-        const rooms = (res as IRoomsKeysResponse).rooms;
-
-        let groupChunkCount = 0;
-        let chunkGroupByRoom: Map<string, IKeyBackupRoomSessions> = new Map();
+    public setNotifTimelineSet(set: EventTimelineSet): void {
+        this.notifTimelineSet = set;
+    }
 
-        const handleChunkCallback = async (roomChunks: Map<string, IKeyBackupRoomSessions>): Promise<void> => {
-            const currentChunk: IMegolmSessionData[] = [];
-            for (const roomId of roomChunks.keys()) {
-                const decryptedSessions = await backupDecryptor.decryptSessions(roomChunks.get(roomId)!);
-                for (const sessionId in decryptedSessions) {
-                    const k = decryptedSessions[sessionId];
-                    k.room_id = roomId;
-                    currentChunk.push(k);
-                }
-            }
-            await block(currentChunk);
-        };
+    /**
+     * Gets the cached capabilities of the homeserver, returning cached ones if available.
+     * If there are no cached capabilities and none can be fetched, throw an exception.
+     *
+     * @returns Promise resolving with The capabilities of the homeserver
+     */
+    public async getCapabilities(): Promise<Capabilities> {
+        const caps = this.serverCapabilitiesService.getCachedCapabilities();
+        if (caps) return caps;
+        return this.serverCapabilitiesService.fetchCapabilities();
+    }
 
-        for (const [roomId, roomData] of Object.entries(rooms)) {
-            if (!roomData.sessions) continue;
-
-            chunkGroupByRoom.set(roomId, {});
-
-            for (const [sessionId, session] of Object.entries(roomData.sessions)) {
-                const sessionsForRoom = chunkGroupByRoom.get(roomId)!;
-                sessionsForRoom[sessionId] = session;
-                groupChunkCount += 1;
-                if (groupChunkCount >= chunkSize) {
-                    // We have enough chunks to decrypt
-                    await handleChunkCallback(chunkGroupByRoom);
-                    chunkGroupByRoom = new Map();
-                    // There might be remaining keys for that room, so add back an entry for the current room.
-                    chunkGroupByRoom.set(roomId, {});
-                    groupChunkCount = 0;
-                }
-            }
-        }
+    /**
+     * Gets the cached capabilities of the homeserver. If none have been fetched yet,
+     * return undefined.
+     *
+     * @returns The capabilities of the homeserver
+     */
+    public getCachedCapabilities(): Capabilities | undefined {
+        return this.serverCapabilitiesService.getCachedCapabilities();
+    }
 
-        // Handle remaining chunk if needed
-        if (groupChunkCount > 0) {
-            await handleChunkCallback(chunkGroupByRoom);
-        }
+    /**
+     * Fetches the latest capabilities from the homeserver, ignoring any cached
+     * versions. The newly returned version is cached.
+     *
+     * @returns A promise which resolves to the capabilities of the homeserver
+     */
+    public fetchCapabilities(): Promise<Capabilities> {
+        return this.serverCapabilitiesService.fetchCapabilities();
     }
 
-    public deleteKeysFromBackup(roomId: undefined, sessionId: undefined, version?: string): Promise<void>;
-    public deleteKeysFromBackup(roomId: string, sessionId: undefined, version?: string): Promise<void>;
-    public deleteKeysFromBackup(roomId: string, sessionId: string, version?: string): Promise<void>;
-    public async deleteKeysFromBackup(roomId?: string, sessionId?: string, version?: string): Promise<void> {
-        const path = this.makeKeyBackupPath(roomId!, sessionId!, version);
-        await this.http.authedRequest(Method.Delete, path.path, path.queryData, undefined, { prefix: ClientPrefix.V3 });
+    /**
+     * @deprecated Does nothing.
+     */
+    public async uploadKeys(): Promise<void> {
+        this.logger.warn("MatrixClient.uploadKeys is deprecated");
     }
 
     /**
@@ -4234,7 +1600,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Promise which resolves: an empty object
      * @returns Rejects: with an error response.
      */
-    public setAccountData(eventType: EventType | string, content: IContent): Promise<{}> {
+    public setAccountData<K extends keyof AccountDataEvents>(
+        eventType: K,
+        content: AccountDataEvents[K] | Record<string, never>,
+    ): Promise<{}> {
         const path = utils.encodeUri("/user/$userId/account_data/$type", {
             $userId: this.credentials.userId!,
             $type: eventType,
@@ -4249,7 +1618,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @param eventType - The event type
      * @returns The contents of the given account data event
      */
-    public getAccountData(eventType: string): MatrixEvent | undefined {
+    public getAccountData<K extends keyof AccountDataEvents>(eventType: K): MatrixEvent | undefined {
         return this.store.getAccountData(eventType);
     }
 
@@ -4261,7 +1630,9 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Promise which resolves: The contents of the given account data event.
      * @returns Rejects: with an error response.
      */
-    public async getAccountDataFromServer<T extends { [k: string]: any }>(eventType: string): Promise<T | null> {
+    public async getAccountDataFromServer<K extends keyof AccountDataEvents>(
+        eventType: K,
+    ): Promise<AccountDataEvents[K] | null> {
         if (this.isInitialSyncComplete()) {
             const event = this.store.getAccountData(eventType);
             if (!event) {
@@ -4269,7 +1640,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             }
             // The network version below returns just the content, so this branch
             // does the same to match.
-            return event.getContent<T>();
+            return event.getContent<AccountDataEvents[K]>();
         }
         const path = utils.encodeUri("/user/$userId/account_data/$type", {
             $userId: this.credentials.userId!,
@@ -4285,7 +1656,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
     }
 
-    public async deleteAccountData(eventType: string): Promise<void> {
+    public async deleteAccountData(eventType: keyof AccountDataEvents): Promise<void> {
         const msc3391DeleteAccountDataServerSupport = this.canSupport.get(Feature.AccountDataDeletion);
         // if deletion is not supported overwrite with empty content
         if (msc3391DeleteAccountDataServerSupport === ServerSupport.Unsupported) {
@@ -4308,8 +1679,8 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns The array of users that are ignored (empty if none)
      */
     public getIgnoredUsers(): string[] {
-        const event = this.getAccountData("m.ignored_user_list");
-        if (!event || !event.getContent() || !event.getContent()["ignored_users"]) return [];
+        const event = this.getAccountData(EventType.IgnoredUserList);
+        if (!event?.getContent()["ignored_users"]) return [];
         return Object.keys(event.getContent()["ignored_users"]);
     }
 
@@ -4324,7 +1695,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         userIds.forEach((u) => {
             content.ignored_users[u] = {};
         });
-        return this.setAccountData("m.ignored_user_list", content);
+        return this.setAccountData(EventType.IgnoredUserList, content);
     }
 
     /**
@@ -4817,18 +2188,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
 
         try {
-            let cancelled: boolean;
             this.eventsBeingEncrypted.add(event.getId()!);
-            try {
-                await this.encryptEventIfNeeded(event, room ?? undefined);
-            } finally {
-                cancelled = !this.eventsBeingEncrypted.delete(event.getId()!);
-            }
-
-            if (cancelled) {
-                // cancelled via MatrixClient::cancelPendingEvent
-                return {} as ISendEventResponse;
-            }
 
             // encryptEventIfNeeded may have updated the status from SENDING to ENCRYPTING. If so, we need
             // to put it back.
@@ -4879,70 +2239,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
     }
 
-    private async encryptEventIfNeeded(event: MatrixEvent, room?: Room): Promise<void> {
-        // If the room is unknown, we cannot encrypt for it
-        if (!room) return;
-
-        if (!(await this.shouldEncryptEventForRoom(event, room))) return;
-
-        if (!this.cryptoBackend && this.usingExternalCrypto) {
-            // The client has opted to allow sending messages to encrypted
-            // rooms even if the room is encrypted, and we haven't set up
-            // crypto. This is useful for users of matrix-org/pantalaimon
-            return;
-        }
-
-        if (!this.cryptoBackend) {
-            throw new Error("This room is configured to use encryption, but your client does not support encryption.");
-        }
-
-        this.updatePendingEventStatus(room, event, EventStatus.ENCRYPTING);
-        await this.cryptoBackend.encryptEvent(event, room);
-    }
-
-    /**
-     * Determine whether a given event should be encrypted when we send it to the given room.
-     *
-     * This takes into account event type and room configuration.
-     */
-    private async shouldEncryptEventForRoom(event: MatrixEvent, room: Room): Promise<boolean> {
-        if (event.isEncrypted()) {
-            // this event has already been encrypted; this happens if the
-            // encryption step succeeded, but the send step failed on the first
-            // attempt.
-            return false;
-        }
-
-        if (event.getType() === EventType.Reaction) {
-            // For reactions, there is a very little gained by encrypting the entire
-            // event, as relation data is already kept in the clear. Event
-            // encryption for a reaction effectively only obscures the event type,
-            // but the purpose is still obvious from the relation data, so nothing
-            // is really gained. It also causes quite a few problems, such as:
-            //   * triggers notifications via default push rules
-            //   * prevents server-side bundling for reactions
-            // The reaction key / content / emoji value does warrant encrypting, but
-            // this will be handled separately by encrypting just this value.
-            // See https://github.com/matrix-org/matrix-doc/pull/1849#pullrequestreview-248763642
-            return false;
-        }
-
-        if (event.isRedaction()) {
-            // Redactions do not support encryption in the spec at this time.
-            // Whilst it mostly worked in some clients, it wasn't compliant.
-            return false;
-        }
-
-        // If the room has an m.room.encryption event, we should encrypt.
-        if (room.hasEncryptionStateEvent()) return true;
-
-        // If we have a crypto impl, and *it* thinks we should encrypt, then we should.
-        if (await this.cryptoBackend?.isEncryptionEnabledInRoom(room.roomId)) return true;
-
-        // Otherwise, no need to encrypt.
-        return false;
-    }
-
     /**
      * Returns the eventType that should be used taking encryption into account
      * for a given eventType.
@@ -5063,7 +2359,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             if (this.canSupport.get(Feature.RelationBasedRedactions) === ServerSupport.Unsupported) {
                 throw new Error(
                     "Server does not support relation based redactions " +
-                        `roomId ${roomId} eventId ${eventId} txnId: ${txnId} threadId ${threadId}`,
+                    `roomId ${roomId} eventId ${eventId} txnId: ${txnId as string} threadId ${threadId}`,
                 );
             }
 
@@ -6136,7 +3432,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                         room.partitionThreadedEvents(matrixEvents);
 
                     this.processAggregatedTimelineEvents(room, timelineEvents);
-                    room.addEventsToTimeline(timelineEvents, true, room.getLiveTimeline());
+                    room.addEventsToTimeline(timelineEvents, true, true, room.getLiveTimeline());
                     this.processThreadEvents(room, threadedEvents, true);
                     unknownRelations.forEach((event) => room.relations.aggregateChildEvent(event));
 
@@ -6185,7 +3481,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         if (!this.timelineSupport) {
             throw new Error(
                 "timeline support is disabled. Set the 'timelineSupport'" +
-                    " parameter to true when creating MatrixClient to enable it.",
+                " parameter to true when creating MatrixClient to enable it.",
             );
         }
 
@@ -6248,7 +3544,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
 
         const [timelineEvents, threadedEvents, unknownRelations] = timelineSet.room.partitionThreadedEvents(events);
-        timelineSet.addEventsToTimeline(timelineEvents, true, timeline, res.start);
+        timelineSet.addEventsToTimeline(timelineEvents, true, false, timeline, res.start);
         // The target event is not in a thread but process the contextual events, so we can show any threads around it.
         this.processThreadEvents(timelineSet.room, threadedEvents, true);
         this.processAggregatedTimelineEvents(timelineSet.room, timelineEvents);
@@ -6342,10 +3638,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                     timeline.initialiseState(res.state.map(mapper));
                 }
 
-                timelineSet.addEventsToTimeline(events, true, timeline, resNewer.next_batch);
+                timelineSet.addEventsToTimeline(events, true, false, timeline, resNewer.next_batch);
                 if (!resOlder.next_batch) {
                     const originalEvent = await this.fetchRoomEvent(timelineSet.room.roomId, thread.id);
-                    timelineSet.addEventsToTimeline([mapper(originalEvent)], true, timeline, null);
+                    timelineSet.addEventsToTimeline([mapper(originalEvent)], true, false, timeline, null);
                 }
                 timeline.setPaginationToken(resOlder.next_batch ?? null, Direction.Backward);
                 timeline.setPaginationToken(resNewer.next_batch ?? null, Direction.Forward);
@@ -6399,10 +3695,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                 const timeline = timelineSet.getLiveTimeline();
                 timeline.getState(EventTimeline.BACKWARDS)!.setUnknownStateEvents(res.state.map(mapper));
 
-                timelineSet.addEventsToTimeline(events, true, timeline, null);
+                timelineSet.addEventsToTimeline(events, true, false, timeline, null);
                 if (!resOlder.next_batch) {
                     const originalEvent = await this.fetchRoomEvent(timelineSet.room.roomId, thread.id);
-                    timelineSet.addEventsToTimeline([mapper(originalEvent)], true, timeline, null);
+                    timelineSet.addEventsToTimeline([mapper(originalEvent)], true, false, timeline, null);
                 }
                 timeline.setPaginationToken(resOlder.next_batch ?? null, Direction.Backward);
                 timeline.setPaginationToken(null, Direction.Forward);
@@ -6428,7 +3724,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         if (!this.timelineSupport) {
             throw new Error(
                 "timeline support is disabled. Set the 'timelineSupport'" +
-                    " parameter to true when creating MatrixClient to enable it.",
+                " parameter to true when creating MatrixClient to enable it.",
             );
         }
 
@@ -6665,7 +3961,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                     // No need to partition events for threads here, everything lives
                     // in the notification timeline set
                     const timelineSet = eventTimeline.getTimelineSet();
-                    timelineSet.addEventsToTimeline(matrixEvents, backwards, eventTimeline, token);
+                    timelineSet.addEventsToTimeline(matrixEvents, backwards, false, eventTimeline, token);
                     this.processAggregatedTimelineEvents(timelineSet.room, matrixEvents);
 
                     // if we've hit the end of the timeline, we need to stop trying to
@@ -6708,7 +4004,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                     const matrixEvents = res.chunk.filter(noUnsafeEventProps).map(this.getEventMapper());
 
                     const timelineSet = eventTimeline.getTimelineSet();
-                    timelineSet.addEventsToTimeline(matrixEvents, backwards, eventTimeline, token);
+                    timelineSet.addEventsToTimeline(matrixEvents, backwards, false, eventTimeline, token);
                     this.processAggregatedTimelineEvents(room, matrixEvents);
                     this.processThreadRoots(room, matrixEvents, backwards);
 
@@ -6756,12 +4052,12 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                     const newToken = res.next_batch;
 
                     const timelineSet = eventTimeline.getTimelineSet();
-                    timelineSet.addEventsToTimeline(matrixEvents, backwards, eventTimeline, newToken ?? null);
+                    timelineSet.addEventsToTimeline(matrixEvents, backwards, false, eventTimeline, newToken ?? null);
                     if (!newToken && backwards) {
                         const originalEvent =
                             thread.rootEvent ??
                             mapper(await this.fetchRoomEvent(eventTimeline.getRoomId() ?? "", thread.id));
-                        timelineSet.addEventsToTimeline([originalEvent], true, eventTimeline, null);
+                        timelineSet.addEventsToTimeline([originalEvent], true, false, eventTimeline, null);
                     }
                     this.processAggregatedTimelineEvents(timelineSet.room, matrixEvents);
 
@@ -6800,7 +4096,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
 
                     const timelineSet = eventTimeline.getTimelineSet();
                     const [timelineEvents, , unknownRelations] = room.partitionThreadedEvents(matrixEvents);
-                    timelineSet.addEventsToTimeline(timelineEvents, backwards, eventTimeline, token);
+                    timelineSet.addEventsToTimeline(timelineEvents, backwards, false, eventTimeline, token);
                     this.processAggregatedTimelineEvents(room, timelineEvents);
                     this.processThreadRoots(
                         room,
@@ -7341,8 +4637,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             if (room) {
                 // Copy over a known event sender if we can
                 for (const ev of sr.context.getTimeline()) {
-                    const sender = room.getMember(ev.getSender()!);
-                    if (!ev.sender && sender) ev.sender = sender;
+                    ev.setMetadata(room.currentState, false);
                 }
             }
             searchResults.results.push(sr);
@@ -7493,25 +4788,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Post, path, undefined, {});
     }
 
-    private startCallEventHandler = (): void => {
-        if (this.isInitialSyncComplete()) {
-            if (supportsMatrixCall()) {
-                this.callEventHandler!.start();
-                this.groupCallEventHandler!.start();
-            }
-
-            this.off(ClientEvent.Sync, this.startCallEventHandler);
-        }
-    };
-
-    private startMatrixRTC = (): void => {
-        if (this.isInitialSyncComplete()) {
-            this.matrixRTC.start();
-
-            this.off(ClientEvent.Sync, this.startMatrixRTC);
-        }
-    };
-
     /**
      * Once the client has been initialised, we want to clear notifications we
      * know for a fact should be here.
@@ -7537,84 +4813,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         }
     };
 
-    /**
-     * @returns Promise which resolves: ITurnServerResponse object
-     * @returns Rejects: with an error response.
-     */
-    public turnServer(): Promise<ITurnServerResponse> {
-        return this.http.authedRequest(Method.Get, "/voip/turnServer");
-    }
-
-    /**
-     * Get the TURN servers for this homeserver.
-     * @returns The servers or an empty list.
-     */
-    public getTurnServers(): ITurnServer[] {
-        return this.turnServers || [];
-    }
-
-    /**
-     * Get the unix timestamp (in milliseconds) at which the current
-     * TURN credentials (from getTurnServers) expire
-     * @returns The expiry timestamp in milliseconds
-     */
-    public getTurnServersExpiry(): number {
-        return this.turnServersExpiry;
-    }
-
-    public get pollingTurnServers(): boolean {
-        return this.checkTurnServersIntervalID !== undefined;
-    }
-
-    // XXX: Intended private, used in code.
-    public async checkTurnServers(): Promise<boolean | undefined> {
-        if (!this.canSupportVoip) {
-            return;
-        }
-
-        let credentialsGood = false;
-        const remainingTime = this.turnServersExpiry - Date.now();
-        if (remainingTime > TURN_CHECK_INTERVAL) {
-            this.logger.debug("TURN creds are valid for another " + remainingTime + " ms: not fetching new ones.");
-            credentialsGood = true;
-        } else {
-            this.logger.debug("Fetching new TURN credentials");
-            try {
-                const res = await this.turnServer();
-                if (res.uris) {
-                    this.logger.debug("Got TURN URIs: " + res.uris + " refresh in " + res.ttl + " secs");
-                    // map the response to a format that can be fed to RTCPeerConnection
-                    const servers: ITurnServer = {
-                        urls: res.uris,
-                        username: res.username,
-                        credential: res.password,
-                    };
-                    this.turnServers = [servers];
-                    // The TTL is in seconds but we work in ms
-                    this.turnServersExpiry = Date.now() + res.ttl * 1000;
-                    credentialsGood = true;
-                    this.emit(ClientEvent.TurnServers, this.turnServers);
-                }
-            } catch (err) {
-                this.logger.error("Failed to get TURN URIs", err);
-                if ((<HTTPError>err).httpStatus === 403) {
-                    // We got a 403, so there's no point in looping forever.
-                    this.logger.info("TURN access unavailable for this account: stopping credentials checks");
-                    if (this.checkTurnServersIntervalID !== null) {
-                        globalThis.clearInterval(this.checkTurnServersIntervalID);
-                    }
-                    this.checkTurnServersIntervalID = undefined;
-                    this.emit(ClientEvent.TurnServersError, <HTTPError>err, true); // fatal
-                } else {
-                    // otherwise, if we failed for whatever reason, try again the next time we're called.
-                    this.emit(ClientEvent.TurnServersError, <Error>err, false); // non-fatal
-                }
-            }
-        }
-
-        return credentialsGood;
-    }
-
     /**
      * Set whether to allow a fallback ICE server should be used for negotiating a
      * WebRTC connection if the homeserver doesn't provide any servers. Defaults to
@@ -7956,8 +5154,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         let events = result.chunk.map(mapper);
 
         if (fetchedEventType === EventType.RoomMessageEncrypted) {
-            const allEvents = originalEvent ? events.concat(originalEvent) : events;
-            await Promise.all(allEvents.map((e) => this.decryptEventIfNeeded(e)));
             if (eventType !== null) {
                 events = events.filter((e) => e.getType() === eventType);
             }
@@ -7974,24 +5170,13 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         };
     }
 
-    /**
-     * The app may wish to see if we have a key cached without
-     * triggering a user interaction.
-     *
-     * @deprecated Not supported for Rust Cryptography.
-     */
-    public getCrossSigningCacheCallbacks(): ICacheCallbacks | undefined {
-        // XXX: Private member access
-        return this.crypto?.crossSigningInfo.getCacheCallbacks();
-    }
-
     /**
      * Generates a random string suitable for use as a client secret. <strong>This
      * method is experimental and may change.</strong>
      * @returns A new client secret
      */
     public generateClientSecret(): string {
-        return randomString(32);
+        return secureRandomString(32);
     }
 
     /**
@@ -8000,15 +5185,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns A decryption promise
      */
     public decryptEventIfNeeded(event: MatrixEvent, options?: IDecryptOptions): Promise<void> {
-        if (event.shouldAttemptDecryption() && this.isCryptoEnabled()) {
-            event.attemptDecryption(this.cryptoBackend!, options);
-        }
-
-        if (event.isBeingDecrypted()) {
-            return event.getDecryptionPromise()!;
-        } else {
-            return Promise.resolve();
-        }
+        return Promise.resolve();
     }
 
     private termsUrlForService(serviceType: SERVICE_TYPES, baseUrl: string): URL {
@@ -8239,27 +5416,33 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     /**
      * @returns Promise which resolves to a LoginResponse object
      * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *    returned credentials. Instead, call {@link loginRequest} and create a new `MatrixClient` instance using the
+     *    results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
      */
     public login(loginType: LoginRequest["type"], data: Omit<LoginRequest, "type">): Promise<LoginResponse> {
-        return this.http
-            .authedRequest<LoginResponse>(Method.Post, "/login", undefined, {
-                ...data,
-                type: loginType,
-            })
-            .then((response) => {
-                if (response.access_token && response.user_id) {
-                    this.http.opts.accessToken = response.access_token;
-                    this.credentials = {
-                        userId: response.user_id,
-                    };
-                }
-                return response;
-            });
+        return this.loginRequest({
+            ...data,
+            type: loginType,
+        }).then((response) => {
+            if (response.access_token && response.user_id) {
+                this.http.opts.accessToken = response.access_token;
+                this.credentials = {
+                    userId: response.user_id,
+                };
+            }
+            return response;
+        });
     }
 
     /**
      * @returns Promise which resolves to a LoginResponse object
      * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.password"`, and create a new
+     *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
      */
     public loginWithPassword(user: string, password: string): Promise<LoginResponse> {
         return this.login("m.login.password", {
@@ -8304,6 +5487,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @param token - Login token previously received from homeserver
      * @returns Promise which resolves to a LoginResponse object
      * @returns Rejects: with an error response.
+     *
+     * @deprecated This method has unintuitive behaviour: it updates the `MatrixClient` instance with *some* of the
+     *   returned credentials. Instead, call {@link loginRequest} with `data.type: "m.login.token"`, and create a new
+     *   `MatrixClient` instance using the results. See https://github.com/matrix-org/matrix-js-sdk/issues/4502.
      */
     public loginWithToken(token: string): Promise<LoginResponse> {
         return this.login("m.login.token", {
@@ -8311,6 +5498,20 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         });
     }
 
+    /**
+     * Sends a `POST /login` request to the server.
+     *
+     * If successful, this will create a new device and access token for the user.
+     *
+     * @see {@link MatrixClient.loginFlows} which makes a `GET /login` request.
+     * @see https://spec.matrix.org/v1.13/client-server-api/#post_matrixclientv3login
+     *
+     * @param data - Credentials and other details for the login request.
+     */
+    public async loginRequest(data: LoginRequest): Promise<LoginResponse> {
+        return await this.http.authedRequest<LoginResponse>(Method.Post, "/login", undefined, data);
+    }
+
     /**
      * Logs out the current session.
      * Obviously, further calls that require authorisation should fail after this
@@ -8321,17 +5522,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Promise which resolves: On success, the empty object `{}`
      */
     public async logout(stopClient = false): Promise<{}> {
-        if (this.crypto?.backupManager?.getKeyBackupEnabled()) {
-            try {
-                while ((await this.crypto.backupManager.backupPendingKeys(200)) > 0);
-            } catch (err) {
-                this.logger.error(
-                    "Key backup request failed when logging out. Some keys may be missing from backup",
-                    err,
-                );
-            }
-        }
-
         if (stopClient) {
             this.stopClient();
             this.http.abort();
@@ -9262,7 +6452,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         deviceId: string,
         notificationSettings: LocalNotificationSettings,
     ): Promise<{}> {
-        const key = `${LOCAL_NOTIFICATION_SETTINGS_PREFIX.name}.${deviceId}`;
+        const key = `${LOCAL_NOTIFICATION_SETTINGS_PREFIX.name}.${deviceId}` as const;
         return this.setAccountData(key, notificationSettings);
     }
 
@@ -9376,87 +6566,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Post, "/search", queryParams, body, { abortSignal });
     }
 
-    /**
-     * Upload keys
-     *
-     * @param content -  body of upload request
-     *
-     * @param opts - this method no longer takes any opts,
-     *  used to take opts.device_id but this was not removed from the spec as a redundant parameter
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public uploadKeysRequest(content: IUploadKeysRequest, opts?: void): Promise<IKeysUploadResponse> {
-        return this.http.authedRequest(Method.Post, "/keys/upload", undefined, content);
-    }
-
-    public uploadKeySignatures(content: KeySignatures): Promise<IUploadKeySignaturesResponse> {
-        return this.http.authedRequest(Method.Post, "/keys/signatures/upload", undefined, content);
-    }
-
-    /**
-     * Download device keys
-     *
-     * @param userIds -  list of users to get keys for
-     *
-     * @param token - sync token to pass in the query request, to help
-     *   the HS give the most recent results
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public downloadKeysForUsers(userIds: string[], { token }: { token?: string } = {}): Promise<IDownloadKeyResult> {
-        const content: IQueryKeysRequest = {
-            device_keys: {},
-        };
-        if (token !== undefined) {
-            content.token = token;
-        }
-        userIds.forEach((u) => {
-            content.device_keys[u] = [];
-        });
-
-        return this.http.authedRequest(Method.Post, "/keys/query", undefined, content);
-    }
-
-    /**
-     * Claim one-time keys
-     *
-     * @param devices -  a list of [userId, deviceId] pairs
-     *
-     * @param keyAlgorithm -  desired key type
-     *
-     * @param timeout - the time (in milliseconds) to wait for keys from remote
-     *     servers
-     *
-     * @returns Promise which resolves: result object. Rejects: with
-     *     an error response ({@link MatrixError}).
-     */
-    public claimOneTimeKeys(
-        devices: [string, string][],
-        keyAlgorithm = "signed_curve25519",
-        timeout?: number,
-    ): Promise<IClaimOTKsResult> {
-        const queries: Record<string, Record<string, string>> = {};
-
-        if (keyAlgorithm === undefined) {
-            keyAlgorithm = "signed_curve25519";
-        }
-
-        for (const [userId, deviceId] of devices) {
-            const query = queries[userId] || {};
-            safeSet(queries, userId, query);
-            safeSet(query, deviceId, keyAlgorithm);
-        }
-        const content: IClaimKeysRequest = { one_time_keys: queries };
-        if (timeout) {
-            content.timeout = timeout;
-        }
-        const path = "/keys/claim";
-        return this.http.authedRequest(Method.Post, path, undefined, content);
-    }
-
     /**
      * Ask the server for a list of users who have changed their device lists
      * between a pair of sync tokens
@@ -9474,15 +6583,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Get, "/keys/changes", qps);
     }
 
-    public uploadDeviceSigningKeys(auth?: AuthDict, keys?: CrossSigningKeys): Promise<{}> {
-        // API returns empty object
-        const data = Object.assign({}, keys);
-        if (auth) Object.assign(data, { auth });
-        return this.http.authedRequest(Method.Post, "/keys/device_signing/upload", undefined, data, {
-            prefix: ClientPrefix.Unstable,
-        });
-    }
-
     /**
      * Register with an identity server using the OpenID token from the user's
      * Homeserver, which can be retrieved via
@@ -9810,10 +6910,10 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         identityAccessToken: string,
     ): Promise<
         | {
-              address: string;
-              medium: string;
-              mxid: string;
-          }
+            address: string;
+            medium: string;
+            mxid: string;
+        }
         | {}
     > {
         // Note: we're using the V2 API by calling this function, but our
@@ -10111,13 +7211,6 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
                         [UNSTABLE_MSC3088_ENABLED.name]: true,
                     },
                 },
-                {
-                    type: EventType.RoomEncryption,
-                    state_key: "",
-                    content: {
-                        algorithm: olmlib.MEGOLM_ALGORITHM,
-                    },
-                },
             ],
         });
         return new MSC3089TreeSpace(this, roomId);
@@ -10321,6 +7414,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @returns Resolves: A promise of an object containing the OIDC issuer if configured
      * @returns Rejects: when the request fails (module:http-api.MatrixError)
      * @experimental - part of MSC2965
+     * @deprecated in favour of getAuthMetadata
      */
     public async getAuthIssuer(): Promise<{
         issuer: string;
@@ -10329,6 +7423,33 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             prefix: ClientPrefix.Unstable + "/org.matrix.msc2965",
         });
     }
+
+    /**
+     * Discover and validate delegated auth configuration
+     * - delegated auth issuer openid-configuration is reachable
+     * - delegated auth issuer openid-configuration is configured correctly for us
+     * Fetches /auth_metadata falling back to legacy implementation using /auth_issuer followed by
+     * https://oidc-issuer.example.com/.well-known/openid-configuration and other files linked therein.
+     * When successful, validated metadata is returned
+     * @returns validated authentication metadata and optionally signing keys
+     * @throws when delegated auth config is invalid or unreachable
+     * @experimental - part of MSC2965
+     */
+    public async getAuthMetadata(): Promise<OidcClientConfig> {
+        let authMetadata: unknown | undefined;
+        try {
+            authMetadata = await this.http.request<unknown>(Method.Get, "/auth_metadata", undefined, undefined, {
+                prefix: ClientPrefix.Unstable + "/org.matrix.msc2965",
+            });
+        } catch (e) {
+            if (e instanceof MatrixError && e.errcode === "M_UNRECOGNIZED") {
+                const { issuer } = await this.getAuthIssuer();
+                return discoverAndValidateOIDCIssuerWellKnown(issuer);
+            }
+            throw e;
+        }
+        return validateAuthMetadataAndKeys(authMetadata);
+    }
 }
 
 function getUnstableDelayQueryOpts(delayOpts: SendDelayedEventRequestOpts): QueryDict {
@@ -10337,88 +7458,6 @@ function getUnstableDelayQueryOpts(delayOpts: SendDelayedEventRequestOpts): Quer
     );
 }
 
-/**
- * recalculates an accurate notifications count on event decryption.
- * Servers do not have enough knowledge about encrypted events to calculate an
- * accurate notification_count
- */
-export function fixNotificationCountOnDecryption(cli: MatrixClient, event: MatrixEvent): void {
-    const ourUserId = cli.getUserId();
-    const eventId = event.getId();
-
-    const room = cli.getRoom(event.getRoomId());
-    if (!room || !ourUserId || !eventId) return;
-
-    // Due to threads, we can get relation events (eg. edits & reactions) that never get
-    // added to a timeline and so cannot be found in their own room (their edit / reaction
-    // still applies to the event it needs to, so it doesn't matter too much). However, if
-    // we try to process notification about this event, we'll get very confused because we
-    // won't be able to find the event in the room, so will assume it must be unread, even
-    // if it's actually read. We therefore skip anything that isn't in the room. This isn't
-    // *great*, so if we can fix the homeless events (eg. with MSC4023) then we should probably
-    // remove this workaround.
-    if (!room.findEventById(eventId)) {
-        logger.info(`Decrypted event ${event.getId()} is not in room ${room.roomId}: ignoring`);
-        return;
-    }
-
-    const isThreadEvent = !!event.threadRootId && !event.isThreadRoot;
-
-    let hasReadEvent;
-    if (isThreadEvent) {
-        const thread = room.getThread(event.threadRootId);
-        hasReadEvent = thread
-            ? thread.hasUserReadEvent(ourUserId, eventId)
-            : // If the thread object does not exist in the room yet, we don't
-              // want to calculate notification for this event yet. We have not
-              // restored the read receipts yet and can't accurately calculate
-              // notifications at this stage.
-              //
-              // This issue can likely go away when MSC3874 is implemented
-              true;
-    } else {
-        hasReadEvent = room.hasUserReadEvent(ourUserId, eventId);
-    }
-
-    if (hasReadEvent) {
-        // If the event has been read, ignore it.
-        return;
-    }
-
-    const actions = cli.getPushActionsForEvent(event, true);
-
-    // Ensure the unread counts are kept up to date if the event is encrypted
-    // We also want to make sure that the notification count goes up if we already
-    // have encrypted events to avoid other code from resetting 'highlight' to zero.
-    const newHighlight = !!actions?.tweaks?.highlight;
-
-    if (newHighlight) {
-        // TODO: Handle mentions received while the client is offline
-        // See also https://github.com/vector-im/element-web/issues/9069
-        const newCount = room.getUnreadCountForEventContext(NotificationCountType.Highlight, event) + 1;
-        if (isThreadEvent) {
-            room.setThreadUnreadNotificationCount(event.threadRootId, NotificationCountType.Highlight, newCount);
-        } else {
-            room.setUnreadNotificationCount(NotificationCountType.Highlight, newCount);
-        }
-    }
-
-    // `notify` is used in practice for incrementing the total count
-    const newNotify = !!actions?.notify;
-
-    // The room total count is NEVER incremented by the server for encrypted rooms. We basically ignore
-    // the server here as it's always going to tell us to increment for encrypted events.
-    if (newNotify) {
-        // Total count is used to typically increment a room notification counter, but not loudly highlight it.
-        const newCount = room.getUnreadCountForEventContext(NotificationCountType.Total, event) + 1;
-        if (isThreadEvent) {
-            room.setThreadUnreadNotificationCount(event.threadRootId, NotificationCountType.Total, newCount);
-        } else {
-            room.setUnreadNotificationCount(NotificationCountType.Total, newCount);
-        }
-    }
-}
-
 /**
  * Given an event, figure out the thread ID we should use for it in a receipt.
  *