diff --git a/changelogs/client_server/newsfragments/2042.clarification b/changelogs/client_server/newsfragments/2042.clarification
new file mode 100644
index 00000000..4e17b99f
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2042.clarification
@@ -0,0 +1 @@
+Clarify that login flows are meant to be completed in order.
diff --git a/specification/client_server_api.rst b/specification/client_server_api.rst
index a8bbfca0..4b7065b3 100644
--- a/specification/client_server_api.rst
+++ b/specification/client_server_api.rst
@@ -406,8 +406,9 @@ an additional stage. This exchange continues until the final success.
 
 For each endpoint, a server offers one or more 'flows' that the client can use
 to authenticate itself. Each flow comprises a series of stages, as described
-above. The client is free to choose which flow it follows. When all stages in a
-flow are complete, authentication is complete and the API call succeeds.
+above. The client is free to choose which flow it follows, however the flow's
+stages must be completed in order. When all stages in a flow are complete,
+authentication is complete and the API call succeeds.
 
 User-interactive API in the REST API
 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<