login with invalid token gives a 403

Richard van der Hoff 2016-08-09 16:28:29 +01:00
parent 1f1dfdd91c
commit 0248afe6ac


@ -552,7 +552,7 @@ explicitly, as follows:
} }
In the case that the homeserver does not know about the supplied 3pid, the In the case that the homeserver does not know about the supplied 3pid, the
homeserver must respond with 403 Forbidden. homeserver must respond with ``403 Forbidden``.
To log in using a login token, a client should submit an auth dict as follows: To log in using a login token, a client should submit an auth dict as follows:
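Review bot: The unknown-3pid sentence still specifies only the HTTP status, while the token case changed later in this same commit also names an error code (M_FORBIDDEN). Clients that branch on the error code rather than the status would have nothing defined to match here. Since this line is being touched anyway, consider stating the error code for the 3pid case as well, so both 403 paths in this section are specified the same way.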
@ -564,7 +564,8 @@ To log in using a login token, a client should submit an auth dict as follows:
} }
As with `token-based`_ interactive login, the ``token`` must be a macroon with As with `token-based`_ interactive login, the ``token`` must be a macroon with
a caveat which includes the user id. a caveat which includes the user id. In the case that the token is not valid, the
homeserver must respond with ``403 Forbidden`` and an error code of ``M_FORBIDDEN``.
{{login_cs_http_api}} {{login_cs_http_api}}
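Review bot: "not valid" in the added sentence is undefined, so it is unclear which failures must produce the 403 with M_FORBIDDEN. The preceding sentence requires a macaroon with a caveat that includes the user id; it would help to say explicitly that a token which fails to verify and a token whose user id caveat does not match the user logging in are both covered, so implementations reject them identically and the response does not reveal which check failed. Separately, the unchanged context line spells the word "macroon"; worth correcting to "macaroon" while this paragraph is being edited.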