diff --git a/specification/1-client_server_api.rst b/specification/1-client_server_api.rst
index 7f967337..e3817046 100644
--- a/specification/1-client_server_api.rst
+++ b/specification/1-client_server_api.rst
@@ -234,7 +234,7 @@ Token-based
 :Type:
   ``m.login.token``
 :Description:
-  The client submits a username and token that was generated by the server.
+  The client submits a username and token.
 
 To respond to this type, reply with an auth dict as follows::
 
@@ -248,9 +248,8 @@ To respond to this type, reply with an auth dict as follows::
 The ``nonce`` should be a random string generated by the client for the
 request. The same ``nonce`` should be used if retrying the request.
 
-The ``token`` may be discovered from e.g. an email or dynamically generated QR
-code.
-
+There are many ways a client may receive a ``token``, including via an email or
+from an existing logged in device.
 
 OAuth2-based
 ~~~~~~~~~~~~