From 221d9f24fd5699c78072feeab335c9a389a4de41 Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Sun, 26 May 2019 21:30:55 -0600
Subject: [PATCH 1/2] Clarify that logging out deletes devices too

Fixes https://github.com/matrix-org/matrix-doc/issues/1651
---
 api/client-server/logout.yaml | 5 +++--
 changelogs/client_server/newsfragments/2028.clarification | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/client_server/newsfragments/2028.clarification

diff --git a/api/client-server/logout.yaml b/api/client-server/logout.yaml
index 2dfd6d97..8451f739 100644
--- a/api/client-server/logout.yaml
+++ b/api/client-server/logout.yaml
@@ -32,7 +32,7 @@ paths:
 summary: Invalidates a user access token
 description: |-
 Invalidates an existing access token, so that it can no longer be used for
- authorization.
+ authorization. The device associated with the access token is also deleted.
 operationId: logout
 security:
 - accessToken: []
@@ -49,7 +49,8 @@ paths:
 summary: Invalidates all access tokens for a user
 description: |-
 Invalidates all access tokens for a user, so that they can no longer be used for
- authorization. This includes the access token that made this request.
+ authorization. This includes the access token that made this request. All devices
+ for the user are also deleted.
 
 This endpoint does not require UI authorization because UI authorization is
 designed to protect against attacks where the someone gets hold of a single access
diff --git a/changelogs/client_server/newsfragments/2028.clarification b/changelogs/client_server/newsfragments/2028.clarification
new file mode 100644
index 00000000..75e21e74
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2028.clarification
@@ -0,0 +1 @@
+Clarify that devices are deleted upon logout.

From a30dbc590da00727e71920af0df7f5e140783aba Mon Sep 17 00:00:00 2001
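Review bot: The new sentence `All devices for the user are also deleted.` in the /logout/all description makes the endpoint an account-wide destructive action, but the paragraph that follows it, which justifies the absence of UI authorization, still reasons only about invalidating tokens held by someone who obtained a single access token; that paragraph continues outside the hunk. With the same single token now sufficient to remove every device of the user, that justification should state explicitly why device deletion here does not need the extra check, or the two sentences will read as contradicting each other once a reader reaches the justification. A short addition directly after the new sentence would do, for example `Deleting the devices here is not protected by UI authorization either; see the rationale below.`, assuming the rationale below is meant to cover device deletion as well, which I cannot confirm from the hunk.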
From: Travis Ralston
Date: Sun, 26 May 2019 21:39:09 -0600
Subject: [PATCH 2/2] Clarify that e2e keys are also obliterated

---
 api/client-server/logout.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/client-server/logout.yaml b/api/client-server/logout.yaml
index 8451f739..75a3ec87 100644
--- a/api/client-server/logout.yaml
+++ b/api/client-server/logout.yaml
@@ -33,6 +33,7 @@ paths:
 description: |-
 Invalidates an existing access token, so that it can no longer be used for
 authorization. The device associated with the access token is also deleted.
+ `Device keys <#device-keys>`_ for the device are deleted alongside the device.
 operationId: logout
 security:
 - accessToken: []
@@ -50,7 +51,8 @@ paths:
 description: |-
 Invalidates all access tokens for a user, so that they can no longer be used for
 authorization. This includes the access token that made this request. All devices
- for the user are also deleted.
+ for the user are also deleted. `Device keys <#device-keys>`_ for the device are
+ deleted alongside the device.
 
 This endpoint does not require UI authorization because UI authorization is
 designed to protect against attacks where the someone gets hold of a single access
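Review bot: The added line in the /logout description states that device keys are deleted but says nothing about what a client should conclude from that, and the subject line's "e2e keys are also obliterated" is the only place the consequence is spelled out. A reader of the spec needs the implication stated once, for example `Clients should treat the deleted keys as unrecoverable; a later login creates a new device rather than restoring this one.`, hedged to whatever the spec elsewhere guarantees about device lifecycle, which the hunk does not show. The newsfragment 2028.clarification added by the first patch still reads "Clarify that devices are deleted upon logout." and is not updated by this patch to mention the key deletion. The enclosing /logout operation definition begins before the hunk.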
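Review bot: In the /logout/all description the added text `for the device are deleted alongside the device.` uses the singular directly after `All devices for the user are also deleted`, so it reads as if only one device's keys are removed; it should be `for each device are deleted alongside that device.` (or `for those devices are deleted alongside them.`). The same sentence in the /logout hunk above is correct as written because that endpoint affects a single device. The rest of the description, including the UI-authorization justification, continues outside the hunk.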