archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add rationale for UIA on change password, and how access tokens behave

Browse Source 
Fixes https://github.com/matrix-org/matrix-doc/issues/680
pull/977/head
Travis Ralston 6 years ago
parent 5c268ef21f
commit 1d33adf62d
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File

8
api/client-server/registration.yaml
Unescape Escape View File

@ -326,13 +326,17 @@ paths:
description: |- description: |-
Changes the password for an account on this homeserver. Changes the password for an account on this homeserver.
This API endpoint uses the `User-Interactive Authentication API`_. This API endpoint uses the `User-Interactive Authentication API`_ to
ensure the user changing the password is actually the owner of the
account.
An access token should be submitted to this endpoint if the client has An access token should be submitted to this endpoint if the client has
an active session. an active session.
The homeserver may change the flows available depending on whether a The homeserver may change the flows available depending on whether a
valid access token is provided. valid access token is provided. The homeserver SHOULD NOT revoke the
access token provided in the request, however all other access tokens
for the user should be revoked if the request succeeds.
security: security:
- accessToken: [] - accessToken: []
operationId: changePassword operationId: changePassword

1
changelogs/client_server/newsfragments/2027.clarification
Unescape Escape View File

@ -0,0 +1 @@
Clarify why User Interactive Auth is used on password changes and how access tokens are handled.
Write Preview
Loading…
Cancel
Save