Document /logout/all

Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-05-27 11:45:36 -06:00 · 2018-05-27 11:45:36 -06:00 · 4278cd56a4
commit 4278cd56a4
parent c3062b7db6
1 changed files with 23 additions and 0 deletions
--- a/api/client-server/logout.yaml
+++ b/api/client-server/logout.yaml
@ -44,3 +44,26 @@ paths:
            properties: {}
      tags:
        - Session management
+  "/logout/all":
+    post:
+      summary: Invalidates all access tokens for a user
+      description: |-
+        Invalidates all access tokens for a user, so that they can no longer be used for
+        authorization. This includes the access token that made this request. 
+
+        This endpoint does not require UI authorization because UI authorization is
+        designed to protect against attacks where the someone gets hold of a single access
+        token then takes over the account. This endpoint invalidates all access tokens for
+        the user, including the token used in the request, and therefore the attacker is
+        unable to take over the account in this way.
+      operationId: logout_all
+      security:
+        - accessToken: []
+      responses:
+        200:
+          description: The user's access tokens were succesfully invalidated.
+          schema:
+            type: object
+            properties: {}
+      tags:
+        - Session management