Specify token used in /login is not an Access Token (#1155)

* Specify token used in /login is not an Access Token

While working through the implementation of /login in Dendrite, it was
confusing what the contents of the token attribute in the login request
body referred to. Initially, I thought it was an access token, which led
to further confusion. This commit explicitly states that the token is a
login token, which is separate from an access token, hopefully reducing
confusion for future readers.

Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
rav/test
Andrew Morgan 6 years ago committed by Richard van der Hoff
parent 8e97ec8bad
commit cd26c170de

@ -75,7 +75,7 @@ paths:
token: token:
type: string type: string
description: |- description: |-
Required when ``type`` is ``m.login.token``. The login token. Required when ``type`` is ``m.login.token``. Part of `Token-based`_ login.
device_id: device_id:
type: string type: string
description: |- description: |-
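Review bot: The new `token` description (right-hand column) no longer says what the value is; "The login token." has been replaced by "Part of `Token-based`_ login.", so a reader of this field alone still cannot tell it apart from an access token, which is the confusion the commit message sets out to remove. Suggest keeping both sentences, for example "Required when ``type`` is ``m.login.token``. The login token. Part of `Token-based`_ login." It is also worth confirming that the `Token-based`_ reference resolves from this file, since the link target is not visible in this hunk.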

@ -510,8 +510,9 @@ To use this authentication type, clients should submit an auth dict as follows:
The ``nonce`` should be a random string generated by the client for the The ``nonce`` should be a random string generated by the client for the
request. The same ``nonce`` should be used if retrying the request. request. The same ``nonce`` should be used if retrying the request.
There are many ways a client may receive a ``token``, including via an email or A client may receive a login ``token`` via some external service, such as email
from an existing logged in device. or SMS. Note that a login token is separate from an access token, the latter
providing general authentication to various API endpoints.
The ``txn_id`` may be used by the server to disallow other devices from using The ``txn_id`` may be used by the server to disallow other devices from using
the token, thus providing "single use" tokens while still allowing the device the token, thus providing "single use" tokens while still allowing the device
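Review bot: The rewritten paragraph drops "from an existing logged in device" as a way to receive a token and narrows delivery to "some external service, such as email or SMS", a behavioural statement the commit message does not mention. If receiving a token from an already logged-in device is still valid, keep it in the list. The added sentence would also read better split in two, and "general authentication to various API endpoints" is vague; consider stating directly that a login token is only for this login flow while an access token authenticates subsequent API requests.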
