From 4278cd56a40f4d81037dbba033e7a19af1c2f42c Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Sun, 27 May 2018 11:45:36 -0600
Subject: [PATCH] Document /logout/all

Fixes https://github.com/matrix-org/matrix-doc/issues/700
Signed-off-by: Travis Ralston
---
 api/client-server/logout.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/api/client-server/logout.yaml b/api/client-server/logout.yaml
index 3a2f71e9..2dfd6d97 100644
--- a/api/client-server/logout.yaml
+++ b/api/client-server/logout.yaml
@@ -44,3 +44,26 @@ paths:
 properties: {}
 tags:
 - Session management
+ "/logout/all":
+ post:
+ summary: Invalidates all access tokens for a user
+ description: |-
+ Invalidates all access tokens for a user, so that they can no longer be used for
+ authorization. This includes the access token that made this request.
+
+ This endpoint does not require UI authorization because UI authorization is
+ designed to protect against attacks where the someone gets hold of a single access
+ token then takes over the account. This endpoint invalidates all access tokens for
+ the user, including the token used in the request, and therefore the attacker is
+ unable to take over the account in this way.
+ operationId: logout_all
+ security:
+ - accessToken: []
+ responses:
+ 200:
+ description: The user's access tokens were succesfully invalidated.
+ schema:
+ type: object
+ properties: {}
+ tags:
+ - Session management
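Review bot: The second paragraph of the new `description` calls the mechanism "UI authorization", whereas the client-server spec, as far as I can tell, names it the User-Interactive Authentication API, and swapping authentication for authorization in a security rationale invites misreading; I would open it with `This endpoint does not use the User-Interactive Authentication API because User-Interactive Authentication is designed to protect against ...`. The same paragraph has a stray article in `where the someone gets hold of`, and the 200 response description misspells `succesfully`. The rationale argues only about account takeover, so one added sentence could say that any single valid access token is enough to end all of the user's sessions, so that implementers read this as an accepted trade-off and not an oversight. The hunk also does not say whether the devices tied to the invalidated tokens are affected; if that behaviour is defined for `/logout`, it is worth stating here as well.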