profile.yaml: force sending access token on all requests

KitsuneRal · KitsuneRal · commit 7152e8f63ff9 · 2024-10-15T17:47:39.000+02:00
...to make sure those don't end up with 403 in cases like quotient-im/libQuotient#797
diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml
@@ -75,6 +75,9 @@ paths:
         own displayname or to query the name of other users; either locally or
         on remote homeservers.
       operationId: getDisplayName
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId
@@ -178,6 +181,9 @@ paths:
         own avatar URL or to query the URL of other users; either locally or
         on remote homeservers.
       operationId: getAvatarUrl
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId
@@ -229,6 +235,9 @@ paths:
         to fetch the user's own profile information or other users; either
         locally or on remote homeservers.
       operationId: getUserProfile
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId
