Clarify that servers may not use M_USER_DEACTIVATED when they don't know who is asking

See: https://github.com/element-hq/synapse/issues/15747
3 weeks ago · 010a6b05cd
parent fe3f43a905
commit 010a6b05cd
1 changed files with 2 additions and 0 deletions
--- a/data/api/client-server/login.yaml
+++ b/data/api/client-server/login.yaml
@ -262,6 +262,8 @@ paths:
                or the requested device ID is the same as a cross-signing key
                ID.
              * `M_USER_DEACTIVATED`: The user has been deactivated.
+                Note that servers MAY choose not to use this error code and instead use `M_FORBIDDEN`,
+                particularly when the server can't authenticate the deactivated user.
          content:
            application/json:
              schema: