diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index 5f2740b9..4f82c9a8 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md @@ -391,8 +391,8 @@ should be used when the access token needs to be refreshed. The old refresh token remains valid until the new access token or refresh token is used, at which point the old refresh token is revoked. This ensures that if -a client fails to receive or persist the new tokens, it will still be able to -refresh them. +a client fails to receive or persist the new tokens, it will be able to repeat +the refresh operation. If the token refresh fails and the error response included a `soft_logout: true` property, then the client can treat it as a [soft logout](#soft-logout) diff --git a/data/api/client-server/login.yaml b/data/api/client-server/login.yaml index 3eb1e0d2..d279445d 100644 --- a/data/api/client-server/login.yaml +++ b/data/api/client-server/login.yaml @@ -184,7 +184,7 @@ paths: The lifetime of the access token, in milliseconds. Once the access token has expired a new access token can be obtained by using the provided refresh token. If no - refresh token is provided, the client will need re-log in + refresh token is provided, the client will need to re-log in to obtain a new access token. If not given, the client can assume that the access token will not expire. x-addedInMatrixVersion: "1.3" diff --git a/data/api/client-server/refresh.yaml b/data/api/client-server/refresh.yaml index 273e6d6a..29013c15 100644 --- a/data/api/client-server/refresh.yaml +++ b/data/api/client-server/refresh.yaml @@ -45,8 +45,8 @@ paths: The old refresh token remains valid until the new access token or refresh token is used, at which point the old refresh token is revoked. - Note that this endpoint does not require authentication, since - authentication is provided via the refresh token. + Note that this endpoint does not require authentication via an + access token. Authentication is provided via the refresh token. Application Service identity assertion is disabled for this endpoint. operationId: refresh diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml index 7e6a34cd..21fc1b84 100644 --- a/data/api/client-server/registration.yaml +++ b/data/api/client-server/registration.yaml @@ -173,7 +173,7 @@ paths: The lifetime of the access token, in milliseconds. Once the access token has expired a new access token can be obtained by using the provided refresh token. If no - refresh token is provided, the client will need re-log in + refresh token is provided, the client will need to re-log in to obtain a new access token. If not given, the client can assume that the access token will not expire.