wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add rationale for UIA on change password, and how access tokens behave

Browse source 
Fixes https://github.com/matrix-org/matrix-doc/issues/680
This commit is contained in:
Travis Ralston 2019-05-26 21:20:04 -06:00
parent 5c268ef21f
commit 1d33adf62d
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/client-server/registration.yaml
View file

@ -326,13 +326,17 @@ paths:
description: |- description: |-
Changes the password for an account on this homeserver. Changes the password for an account on this homeserver.
This API endpoint uses the `User-Interactive Authentication API`_. This API endpoint uses the `User-Interactive Authentication API`_ to
ensure the user changing the password is actually the owner of the
account.
An access token should be submitted to this endpoint if the client has An access token should be submitted to this endpoint if the client has
an active session. an active session.
The homeserver may change the flows available depending on whether a The homeserver may change the flows available depending on whether a
valid access token is provided. valid access token is provided. The homeserver SHOULD NOT revoke the
access token provided in the request, however all other access tokens
for the user should be revoked if the request succeeds.
security: security:
- accessToken: [] - accessToken: []
operationId: changePassword operationId: changePassword

1
changelogs/client_server/newsfragments/2027.clarification Normal file
View file

@ -0,0 +1 @@
Clarify why User Interactive Auth is used on password changes and how access tokens are handled.