From 4e32fca05fd89492a3acb82b7a2a922d155ee824 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Commaille?=
 <76261501+zecakeh@users.noreply.github.com>
Date: Tue, 18 Jun 2024 17:59:26 +0200
Subject: [PATCH] Clarify that an access token is optional on
 `/account/password` and `/account/deactivate` (#1843)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 changelogs/client_server/newsfragments/1843.clarification | 1 +
 data/api/client-server/registration.yaml                  | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 changelogs/client_server/newsfragments/1843.clarification

diff --git a/changelogs/client_server/newsfragments/1843.clarification b/changelogs/client_server/newsfragments/1843.clarification
new file mode 100644
index 00000000..7ccfe4a7
--- /dev/null
+++ b/changelogs/client_server/newsfragments/1843.clarification
@@ -0,0 +1 @@
+Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.
\ No newline at end of file
diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml
index afd30459..84aef5b1 100644
--- a/data/api/client-server/registration.yaml
+++ b/data/api/client-server/registration.yaml
@@ -387,6 +387,7 @@ paths:
         access token provided in the request. Whether other access tokens for
         the user are revoked depends on the request parameters.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: changePassword
@@ -592,6 +593,7 @@ paths:
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: deactivateAccount