diff --git a/proposals/2778-appservice-login.md b/proposals/2778-appservice-login.md
index 390e05478..3f79d8c30 100644
--- a/proposals/2778-appservice-login.md
+++ b/proposals/2778-appservice-login.md
@@ -47,11 +47,12 @@ If:
 
 - The access token is not provided
 - The access token does not correspond to a appservice
-- The access token does not correspond to a appservice that manages this user
 - Or the user has not previously been registered
 
 Then the servers should reject with HTTP 403, with an `errcode` of `"M_FORBIDDEN"`. 
 
+If the access token does not correspond to a appservice that manages this user, then the `errcode` should be `"M_EXCLUSIVE"`.
+
 Homeservers should ignore the `access_token` parameter if a type other than
 `m.login.application_service` has been provided.