Specify token used in /login is not an Access Token (#1155)

* Specify token used in /login is not an Access Token

While working through the implementation of /login in Dendrite, it was
confusing what the contents of the token attribute in the login request
body referred to. Initially, I thought it was an access token, which led
to further confusion. This commit explicitly states that the token is a
login token, which is separate from an access token, hopefully reducing
confusion for future readers.

Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
pull/977/head
Andrew Morgan 7 years ago committed by Richard van der Hoff
parent 8e97ec8bad
commit cd26c170de

@ -75,7 +75,7 @@ paths:
token:
type: string
description: |-
Required when ``type`` is ``m.login.token``. The login token.
Required when ``type`` is ``m.login.token``. Part of `Token-based`_ login.
device_id:
type: string
description: |-

@ -510,8 +510,9 @@ To use this authentication type, clients should submit an auth dict as follows:
The ``nonce`` should be a random string generated by the client for the
request. The same ``nonce`` should be used if retrying the request.
There are many ways a client may receive a ``token``, including via an email or
from an existing logged in device.
A client may receive a login ``token`` via some external service, such as email
or SMS. Note that a login token is separate from an access token, the latter
providing general authentication to various API endpoints.
The ``txn_id`` may be used by the server to disallow other devices from using
the token, thus providing "single use" tokens while still allowing the device

Loading…
Cancel
Save