Remove exception for request/submitToken

pull/977/head
David Baker 5 years ago
parent bf8a1e5d5f
commit 701d340da1

@ -68,7 +68,6 @@ be dropped from all endpoints.
Any request to any endpoint within `/_matrix/identity/v2`, with the exception
of:
* `/_matrix/identity/v2`
* any `requestToken` or `submitToken` endpoint
* The new `$prefix/account/register` endpoint
* The new `GET /_matrix/identity/v2/terms`
* `$prefix/logout`
@ -77,13 +76,6 @@ of:
This indicates that the user must authenticate with OpenID and supply a valid
`access_token`.
`requestToken` and `submitToken` endpoints are excluded from the auth check
because they are used in the registration process before the user has an MXID
and therefore cannot log in with OpenID. It is up to the IS to manage its
privacy obligations appropriately when fulfilling these requests, bearing in
mind that the user has not explicitly indicated their agreement to any
documents, and may abort the registration process without doing so.
All other endpoints require authentication by the client supplying an access token
either via an `Authorization` header with a `Bearer` token or an `access_token`
query parameter.

Loading…
Cancel
Save