archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clarify that the Authorization header is preferred

Browse Source
pull/977/head
Travis Ralston 6 years ago
parent b159f21857
commit ca87876f1b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File

5
specification/client_server_api.rst
Unescape Escape View File

@ -207,6 +207,11 @@ support:
1. Via a query string parameter, ``access_token=TheTokenHere``.
#. Via a request header, ``Authorization: Bearer TheTokenHere``.
Clients are encouraged to use the ``Authorization`` header where possible
to prevent the access token being leaked in access/HTTP logs. The query
string should only be used in cases where the ``Authorization`` header is
unaccessible for the client.
When credentials are required but missing or invalid, the HTTP call will
return with a status of 401 and the error code, ``M_MISSING_TOKEN`` or
``M_UNKNOWN_TOKEN`` respectively.

Write Preview
Loading…
Cancel
Save