matrix-spec/data/api/client-server/logout.yaml

# Copyright 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
openapi: 3.1.0
info:
  title: Matrix Client-Server Registration and Login API
  version: 1.0.0
paths:
  /logout:
    post:
      summary: Invalidates a user access token
      description: |-
        Invalidates an existing access token, so that it can no longer be used for
        authorization. The device associated with the access token is also deleted.
        [Device keys](/client-server-api/#device-keys) for the device are deleted alongside the device.
      operationId: logout
      security:
        - accessTokenQuery: []
        - accessTokenBearer: []
      responses:
        "200":
          description: The access token used in the request was successfully invalidated.
          content:
            application/json:
              schema:
                type: object
                properties: {}
      tags:
        - Session management
  /logout/all:
    post:
      summary: Invalidates all access tokens for a user
      description: |-
        Invalidates all access tokens for a user, so that they can no longer be used for
        authorization. This includes the access token that made this request. All devices
        for the user are also deleted. [Device keys](/client-server-api/#device-keys) for the device are
        deleted alongside the device.

        This endpoint does not use the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) because
        User-Interactive Authentication is designed to protect against attacks where the
        someone gets hold of a single access token then takes over the account. This
        endpoint invalidates all access tokens for the user, including the token used in
        the request, and therefore the attacker is unable to take over the account in
        this way.
      operationId: logout_all
      security:
        - accessTokenQuery: []
        - accessTokenBearer: []
      responses:
        "200":
          description: The user's access tokens were successfully invalidated.
          content:
            application/json:
              schema:
                type: object
                properties: {}
      tags:
        - Session management
servers:
  - url: "{protocol}://{hostname}{basePath}"
    variables:
      protocol:
        enum:
          - http
          - https
        default: https
      hostname:
        default: localhost:8008
      basePath:
        default: /_matrix/client/v3
components:
  securitySchemes:
    accessTokenQuery:
      $ref: definitions/security.yaml#/accessTokenQuery
    accessTokenBearer:
      $ref: definitions/security.yaml#/accessTokenBearer
Add a license to the spec We're licensing hte spec under ASLv2. Add the LICENSE file, and add the short-form to as much of the source as is practical right now (adding it to json source is a massive pita). 8 years ago			`# Copyright 2016 OpenMarket Ltd`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`openapi: 3.1.0`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`info:`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`title: Matrix Client-Server Registration and Login API`
			`version: 1.0.0`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`paths:`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`/logout:`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`post:`
			`summary: Invalidates a user access token`
			`description: \|-`
			`Invalidates an existing access token, so that it can no longer be used for`
Clarify that logging out deletes devices too Fixes https://github.com/matrix-org/matrix-doc/issues/1651 6 years ago			`authorization. The device associated with the access token is also deleted.`
Fix links in data 4 years ago			`[Device keys](/client-server-api/#device-keys) for the device are deleted alongside the device.`
Add operationId to all endpoints of all APIs To facilitate generation of API stubs from the spec. Signed-off-by: Alexey Rusakov <ktirf@users.sf.net> 7 years ago			`operationId: logout`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`security:`
Fix security schemes in OpenAPI definitions (#1772) 7 months ago			`- accessTokenQuery: []`
			`- accessTokenBearer: []`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`responses:`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`"200":`
Fix typos and clarify the user ID in login sections 4 years ago			`description: The access token used in the request was successfully invalidated.`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`content:`
			`application/json:`
			`schema:`
			`type: object`
			`properties: {}`
Document the /logout api We have one, and it's useful, so we really ought to document it 9 years ago			`tags:`
			`- Session management`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`/logout/all:`
Document /logout/all Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com> 7 years ago			`post:`
			`summary: Invalidates all access tokens for a user`
			`description: \|-`
			`Invalidates all access tokens for a user, so that they can no longer be used for`
Clarify that logging out deletes devices too Fixes https://github.com/matrix-org/matrix-doc/issues/1651 6 years ago			`authorization. This includes the access token that made this request. All devices`
Fix links in data 4 years ago			`for the user are also deleted. [Device keys](/client-server-api/#device-keys) for the device are`
Clarify that e2e keys are also obliterated 6 years ago			`deleted alongside the device.`
Document /logout/all Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com> 7 years ago
Fix links in data 4 years ago			`This endpoint does not use the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) because`
Reword "UI Authorization" to "User-Interactive Authentication" (#2667) Signed-off-by: Aaron Raimist <aaron@raim.ist> 4 years ago			`User-Interactive Authentication is designed to protect against attacks where the`
			`someone gets hold of a single access token then takes over the account. This`
			`endpoint invalidates all access tokens for the user, including the token used in`
			`the request, and therefore the attacker is unable to take over the account in`
			`this way.`
Document /logout/all Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com> 7 years ago			`operationId: logout_all`
			`security:`
Fix security schemes in OpenAPI definitions (#1772) 7 months ago			`- accessTokenQuery: []`
			`- accessTokenBearer: []`
Document /logout/all Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com> 7 years ago			`responses:`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`"200":`
Fix typos and clarify the user ID in login sections 4 years ago			`description: The user's access tokens were successfully invalidated.`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`content:`
			`application/json:`
			`schema:`
			`type: object`
			`properties: {}`
Document /logout/all Fixes https://github.com/matrix-org/matrix-doc/issues/700 Signed-off-by: Travis Ralston <travpc@gmail.com> 7 years ago			`tags:`
			`- Session management`
Upgrade Swagger data to OpenAPI 3.1 (#1310) Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> 1 year ago			`servers:`
			`- url: "{protocol}://{hostname}{basePath}"`
			`variables:`
			`protocol:`
			`enum:`
			`- http`
			`- https`
			`default: https`
			`hostname:`
			`default: localhost:8008`
			`basePath:`
			`default: /_matrix/client/v3`
			`components:`
			`securitySchemes:`
Fix security schemes in OpenAPI definitions (#1772) 7 months ago			`accessTokenQuery:`
			`$ref: definitions/security.yaml#/accessTokenQuery`
			`accessTokenBearer:`
			`$ref: definitions/security.yaml#/accessTokenBearer`