diff --git a/changelogs/client_server/newsfragments/1843.clarification b/changelogs/client_server/newsfragments/1843.clarification new file mode 100644 index 00000000..7ccfe4a7 --- /dev/null +++ b/changelogs/client_server/newsfragments/1843.clarification @@ -0,0 +1 @@ +Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints. \ No newline at end of file diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml index afd30459..84aef5b1 100644 --- a/data/api/client-server/registration.yaml +++ b/data/api/client-server/registration.yaml @@ -387,6 +387,7 @@ paths: access token provided in the request. Whether other access tokens for the user are revoked depends on the request parameters. security: + - {} - accessTokenQuery: [] - accessTokenBearer: [] operationId: changePassword @@ -592,6 +593,7 @@ paths: parameter because the homeserver is expected to sign the request to the identity server instead. security: + - {} - accessTokenQuery: [] - accessTokenBearer: [] operationId: deactivateAccount