Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement (#1846)

Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
pull/1848/head
Johannes Marbach 6 months ago committed by GitHub
parent 1e303b3bbc
commit 5a86e384dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1 @@
Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement.
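Review bot: the newsfragment describes this as a clarification, but the body change it accompanies replaces lowercase "should" with an RFC 2119 "MUST", which tightens a normative requirement rather than clarifying existing text; confirm that the newsfragment category matches how the spec repository classifies such changes before merging.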

@ -45,7 +45,7 @@ paths:
intend to log in multiple devices must generate a token for each. intend to log in multiple devices must generate a token for each.
With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt
for verification if the session recently passed UIA. For this endpoint, servers should always re-prompt for verification if the session recently passed UIA. For this endpoint, servers MUST always re-prompt
the user for verification to ensure explicit consent is gained for each additional client. the user for verification to ensure explicit consent is gained for each additional client.
Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum
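Review bot: in the changed line, "MUST always re-prompt" is redundant once the RFC 2119 keyword is used; "servers MUST re-prompt the user for verification" carries the same force and reads cleaner. While this paragraph is being made normative, the following sentence still says "Servers are encouraged to apply stricter than normal rate limiting", which is informal; consider whether that should become "Servers SHOULD apply stricter than normal rate limiting" for consistency with the keyword style now used in the same section.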
