|
|
|
|
@ -63,7 +63,19 @@ paths:
|
|
|
|
|
description: The fully-qualified Matrix ID that has been registered.
|
|
|
|
|
access_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: An access token for the account. This access token can then be used to authorize other requests.
|
|
|
|
|
description: |-
|
|
|
|
|
An access token for the account.
|
|
|
|
|
This access token can then be used to authorize other requests.
|
|
|
|
|
The access token may expire at some point, and if so, it SHOULD come with a refresh_token.
|
|
|
|
|
There is no specific error message to indicate that a request has failed because
|
|
|
|
|
an access token has expired; instead, if a client has reason to believe its
|
|
|
|
|
access token is valid, and it receives an auth error, they should attempt to
|
|
|
|
|
refresh for a new token on failure, and retry the request with the new token.
|
|
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
# TODO: Work out how to linkify /tokenrefresh
|
|
|
|
|
description: |-
|
|
|
|
|
(optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the /tokenrefresh API endpoint.
|
|
|
|
|
home_server:
|
|
|
|
|
type: string
|
|
|
|
|
description: The hostname of the Home Server on which the account has been registered.
|
|
|
|
|
@ -77,3 +89,60 @@ paths:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/error.yaml"
|
|
|
|
|
"/tokenrefresh":
|
|
|
|
|
post:
|
|
|
|
|
summary: Exchanges a refresh token for an access token.
|
|
|
|
|
description: |-
|
|
|
|
|
Exchanges a refresh token for a new access token.
|
|
|
|
|
This is intended to be used if the access token has expired.
|
|
|
|
|
security:
|
|
|
|
|
- accessToken: []
|
|
|
|
|
parameters:
|
|
|
|
|
- in: body
|
|
|
|
|
name: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
example: |-
|
|
|
|
|
{
|
|
|
|
|
"refresh_token": "a1b2c3"
|
|
|
|
|
}
|
|
|
|
|
properties:
|
|
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: The refresh token which was issued by the server.
|
|
|
|
|
required: ["refresh_token"]
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: |-
|
|
|
|
|
The refresh token was accepted, and a new access token has been issued.
|
|
|
|
|
The passed refresh token is no longer valid, and cannot be used.
|
|
|
|
|
A new refresh token may have been returned.
|
|
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{
|
|
|
|
|
"access_token": "bearwithme123",
|
|
|
|
|
"refresh_token": "exchangewithme987"
|
|
|
|
|
}
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
access_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: |-
|
|
|
|
|
An access token for the account.
|
|
|
|
|
This access token can then be used to authorize other requests.
|
|
|
|
|
The access token may expire at some point, and if so, it SHOULD come with a refresh_token.
|
|
|
|
|
refresh_token:
|
|
|
|
|
type: string
|
|
|
|
|
description: (optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the TODO Linkify /tokenrefresh API endpoint.
|
|
|
|
|
403:
|
|
|
|
|
description: |-
|
|
|
|
|
The exchange attempt failed. For example, the refresh token may have already been used.
|
|
|
|
|
examples:
|
|
|
|
|
application/json: |-
|
|
|
|
|
{"errcode": "M_FORBIDDEN"}
|
|
|
|
|
429:
|
|
|
|
|
description: This request was rate-limited.
|
|
|
|
|
schema:
|
|
|
|
|
"$ref": "definitions/error.yaml"
|
|
|
|
|
|
Daniel Wagner-Hall
9 years ago