Merge pull request #2523 from matrix-org/clokep/passwd-invalidation-spec

Add an additional parameter to the modify password API per MSC2457.
4 years ago · 8b4cfc643f
parent 8ba6d0157b 1e330c9423
commit 8b4cfc643f
2 changed files with 9 additions and 2 deletions
--- a/api/client-server/registration.yaml
+++ b/api/client-server/registration.yaml
@ -328,8 +328,8 @@ paths:

        The homeserver may change the flows available depending on whether a
        valid access token is provided. The homeserver SHOULD NOT revoke the
-        access token provided in the request, however all other access tokens
-        for the user should be revoked if the request succeeds.
+        access token provided in the request. Whether other access tokens for
+        the user are revoked depends on the request parameters.
      security:
        - accessToken: []
      operationId: changePassword
@ -343,6 +343,12 @@ paths:
                type: string
                description: The new password for the account.
                example: "ihatebananas"
+              logout_devices:
+                type: boolean
+                description: |-
+                  Whether the other access tokens, and their associated devices, for the user should be 
+                  revoked if the request succeeds. Defaults to true.
+                example: true
              auth:
                description: |-
                  Additional authentication information for the user-interactive authentication API.
--- a/changelogs/client_server/newsfragments/2523.feature
+++ b/changelogs/client_server/newsfragments/2523.feature
@ -0,0 +1 @@
+Optionally invalidate other access tokens during password modification per `MSC2457 <https://github.com/matrix-org/matrix-doc/pull/2457>`_.
				`@ -0,0 +1 @@`
				Optionally invalidate other access tokens during password modification per `MSC2457 <https://github.com/matrix-org/matrix-doc/pull/2457>`_.