diff --git a/specification/client_server_api.rst b/specification/client_server_api.rst
index 4b7065b3..3ea1411e 100644
--- a/specification/client_server_api.rst
+++ b/specification/client_server_api.rst
@@ -407,8 +407,9 @@ an additional stage. This exchange continues until the final success.
 For each endpoint, a server offers one or more 'flows' that the client can use
 to authenticate itself. Each flow comprises a series of stages, as described
 above. The client is free to choose which flow it follows, however the flow's
-stages must be completed in order. When all stages in a flow are complete,
-authentication is complete and the API call succeeds.
+stages must be completed in order. Failing to follow the flows in order must
+result in an HTTP 401 response, as defined below. When all stages in a flow
+are complete, authentication is complete and the API call succeeds.
 
 User-interactive API in the REST API
 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<