diff --git a/api/client-server/logout.yaml b/api/client-server/logout.yaml index eb84a739..747a57b9 100644 --- a/api/client-server/logout.yaml +++ b/api/client-server/logout.yaml @@ -54,11 +54,12 @@ paths: for the user are also deleted. `Device keys <#device-keys>`_ for the device are deleted alongside the device. - This endpoint does not require UI authorization because UI authorization is - designed to protect against attacks where the someone gets hold of a single access - token then takes over the account. This endpoint invalidates all access tokens for - the user, including the token used in the request, and therefore the attacker is - unable to take over the account in this way. + This endpoint does not use the `User-Interactive Authentication API`_ because + User-Interactive Authentication is designed to protect against attacks where the + someone gets hold of a single access token then takes over the account. This + endpoint invalidates all access tokens for the user, including the token used in + the request, and therefore the attacker is unable to take over the account in + this way. operationId: logout_all security: - accessToken: [] diff --git a/changelogs/client_server/2667.clarification b/changelogs/client_server/2667.clarification new file mode 100644 index 00000000..0eb9ad3c --- /dev/null +++ b/changelogs/client_server/2667.clarification @@ -0,0 +1 @@ +Reword "UI Authorization" to "User-Interactive Authentication" to be more clear. diff --git a/specification/client_server_api.rst b/specification/client_server_api.rst index 27cbe8c5..edac25ad 100644 --- a/specification/client_server_api.rst +++ b/specification/client_server_api.rst 
@@ -1090,8 +1090,7 @@ Login A client can obtain access tokens using the ``/login`` API. -Note that this endpoint does `not` currently use the user-interactive -authentication API. +Note that this endpoint does `not` currently use the `User-Interactive Authentication API`_. For a simple username/password login, clients should submit a ``/login`` request as follows:
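Review bot: In the api/client-server/logout.yaml hunk, the rewritten description keeps the typo "where the someone gets hold of a single access token". Since these lines are being reflowed anyway, drop the stray "the" so it reads "where someone gets hold of". Also, the new `User-Interactive Authentication API`_ reference has no embedded target, unlike `Device keys <#device-keys>`_ in the context just above it. It resolves only if a target with exactly that name exists wherever this description is rendered, so confirm that or use the embedded form.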
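Review bot: In changelogs/client_server/2667.clarification, the entry mentions only the rename from "UI Authorization", but the client_server_api.rst hunk in this patch touches a sentence that already said "user-interactive authentication API" and turns it into a link. Consider wording the entry to cover both, for example that references to User-Interactive Authentication are reworded and linked. "To be more clear" would also read better as "for clarity".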
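Review bot: In the specification/client_server_api.rst Login hunk, the replacement joins a wrapped two-line sentence into one line that runs well past the width of the neighbouring lines. Rewrap it, for instance by breaking before the link text, to match the rest of the file. On the same line, `not` in single backticks is RST interpreted text, not emphasis. If emphasis is intended, *not* is the markup to use while this line is being edited.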