wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove exception for request/submitToken

Browse source
This commit is contained in:
David Baker 2019-07-05 19:00:15 +01:00
parent bf8a1e5d5f
commit 701d340da1
1 changed files with 0 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
proposals/2140-terms-of-service-2.md
View file

@ -68,7 +68,6 @@ be dropped from all endpoints.
Any request to any endpoint within `/_matrix/identity/v2`, with the exception
of:
* `/_matrix/identity/v2`
* any `requestToken` or `submitToken` endpoint
* The new `$prefix/account/register` endpoint
* The new `GET /_matrix/identity/v2/terms`
* `$prefix/logout`
@ -77,13 +76,6 @@ of:
This indicates that the user must authenticate with OpenID and supply a valid
`access_token`.
`requestToken` and `submitToken` endpoints are excluded from the auth check
because they are used in the registration process before the user has an MXID
and therefore cannot log in with OpenID. It is up to the IS to manage its
privacy obligations appropriately when fulfilling these requests, bearing in
mind that the user has not explicitly indicated their agreement to any
documents, and may abort the registration process without doing so.
All other endpoints require authentication by the client supplying an access token
either via an `Authorization` header with a `Bearer` token or an `access_token`
query parameter.