From 0580f5120693e2535920f5e57e4218e9467b7d18 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Tue, 28 May 2019 12:49:50 -0600
Subject: [PATCH] Clarify that failing to follow the flows == 401

---
 specification/client_server_api.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/specification/client_server_api.rst b/specification/client_server_api.rst
index 4b7065b3..3ea1411e 100644
--- a/specification/client_server_api.rst
+++ b/specification/client_server_api.rst
@@ -407,8 +407,9 @@ an additional stage. This exchange continues until the final success.
 For each endpoint, a server offers one or more 'flows' that the client can use
 to authenticate itself. Each flow comprises a series of stages, as described
 above. The client is free to choose which flow it follows, however the flow's
-stages must be completed in order. When all stages in a flow are complete,
-authentication is complete and the API call succeeds.
+stages must be completed in order. Failing to follow the flows in order must
+result in an HTTP 401 response, as defined below. When all stages in a flow
+are complete, authentication is complete and the API call succeeds.
 
 User-interactive API in the REST API
 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<