From dd8d10a9a31622b5e20cbc3ba1fc3c85b2e49306 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Tue, 12 Mar 2024 14:46:03 +0200 Subject: [PATCH 1/3] Specify that appservice login and register fail on incorrect as_tokens Signed-off-by: Tulir Asokan --- .../application_service/newsfragments/1744.clarification | 1 + content/application-service-api.md | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 changelogs/application_service/newsfragments/1744.clarification diff --git a/changelogs/application_service/newsfragments/1744.clarification b/changelogs/application_service/newsfragments/1744.clarification new file mode 100644 index 000000000..908c48ab1 --- /dev/null +++ b/changelogs/application_service/newsfragments/1744.clarification @@ -0,0 +1 @@ +Clarify that the `/login` and `/register` endpoints should fail when using the `m.login.application_service` login type without a valid `as_token`. diff --git a/content/application-service-api.md b/content/application-service-api.md index f3db06cf3..2ea82f22a 100644 --- a/content/application-service-api.md +++ b/content/application-service-api.md @@ -436,6 +436,10 @@ an application service-defined namespace will receive the same `M_EXCLUSIVE` error code, but only if the application service has defined the namespace as `exclusive`. +If either endpoint is called with the `m.login.application_service` login type, +but without a valid `as_token`, the endpoints will return `M_MISSING_TOKEN` or +`M_UNKNOWN_TOKEN`. + #### Pinging {{% added-in v="1.7" %}} From fe3b3e1aee85471247924eabc69fa63043ad88a0 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Tue, 12 Mar 2024 15:07:57 +0200 Subject: [PATCH 2/3] Adjust words slightly Signed-off-by: Tulir Asokan --- content/application-service-api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/application-service-api.md b/content/application-service-api.md index 2ea82f22a..8f7083a39 100644 --- a/content/application-service-api.md 
+++ b/content/application-service-api.md @@ -437,8 +437,8 @@ an application service-defined namespace will receive the same defined the namespace as `exclusive`. If either endpoint is called with the `m.login.application_service` login type, -but without a valid `as_token`, the endpoints will return `M_MISSING_TOKEN` or -`M_UNKNOWN_TOKEN`. +but without a valid `as_token`, the endpoints will return an error with the +`M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` error code. #### Pinging From a4968992b75a78d149187e687522a88e73640495 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Thu, 14 Mar 2024 23:16:33 +0200 Subject: [PATCH 3/3] Add HTTP status code and link to C-S spec Signed-off-by: Tulir Asokan --- content/application-service-api.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/content/application-service-api.md b/content/application-service-api.md index 8f7083a39..a7526e640 100644 --- a/content/application-service-api.md +++ b/content/application-service-api.md @@ -436,9 +436,11 @@ an application service-defined namespace will receive the same `M_EXCLUSIVE` error code, but only if the application service has defined the namespace as `exclusive`. -If either endpoint is called with the `m.login.application_service` login type, -but without a valid `as_token`, the endpoints will return an error with the -`M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` error code. +If `/register` or `/login` is called with the `m.login.application_service` +login type, but without a valid `as_token`, the endpoints will return an error +with the `M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` error code and 401 as the HTTP +status code. This is the same behavior as invalid auth in the client-server API +(see [Using access tokens](/client-server-api/#using-access-tokens)). #### Pinging
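Review bot: In the newsfragment added by patch 1/3 (`1744.clarification`), the wording "should fail" is weaker than the spec paragraph in the same series, which says the endpoints "will return" an error. The fragment is also not touched by patch 3/3, so it does not reflect the 401 status code that the final text pins down. Suggest rewording it to match the normative text, for example "fail with `M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` and HTTP 401", so the changelog and the spec agree on the strength of the requirement.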
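Review bot: In the final paragraph added by patch 3/3, the text lists `M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` without saying which condition produces which code, and "without a valid `as_token`" covers both a request with no token and a request with a token the homeserver does not recognise. Implementers checking for a rejected appservice login need to know which one to expect in each case. Suggest either spelling out the mapping in this paragraph or stating explicitly that it is the one defined in the linked "Using access tokens" section. Minor wording point in the same sentence: "If `/register` or `/login` is called ... the endpoints will return" mixes singular and plural; "the endpoint will return" reads more cleanly.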