Clarify that submit_url is without authentication

The request is authorized by its parameters, not by an additional access token.

Fixes https://github.com/matrix-org/matrix-doc/issues/2298
pull/977/head
Travis Ralston 5 years ago
parent ae163ab818
commit e95eafb2ba

@ -157,9 +157,10 @@ paths:
An optional field containing a URL where the client must An optional field containing a URL where the client must
submit the validation token to, with identical parameters submit the validation token to, with identical parameters
to the Identity Service API's ``POST to the Identity Service API's ``POST
/validate/email/submitToken`` endpoint. The homeserver must /validate/email/submitToken`` endpoint (without the requirement
send this token to the user (if applicable), who should for an access token). The homeserver must send this token to the
then be prompted to provide it to the client. user (if applicable), who should then be prompted to provide it
to the client.
If this field is not present, the client can assume that If this field is not present, the client can assume that
verification will happen without the client's involvement verification will happen without the client's involvement

@ -25,9 +25,9 @@ properties:
description: |- description: |-
An optional field containing a URL where the client must submit the An optional field containing a URL where the client must submit the
validation token to, with identical parameters to the Identity Service validation token to, with identical parameters to the Identity Service
API's ``POST /validate/email/submitToken`` endpoint. The homeserver must API's ``POST /validate/email/submitToken`` endpoint (without the requirement
send this token to the user (if applicable), who should then be for an access token). The homeserver must send this token to the user (if
prompted to provide it to the client. applicable), who should then be prompted to provide it to the client.
If this field is not present, the client can assume that verification If this field is not present, the client can assume that verification
will happen without the client's involvement provided the homeserver will happen without the client's involvement provided the homeserver

Loading…
Cancel
Save