Clarify that an access token is optional on /account/password and /account/deactivate (#1843)

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2026-01-03 22:43:43 +01:00 · 2024-06-18 17:59:26 +02:00 · 2024-06-18 17:59:26 +02:00 · 4e32fca05f
parent 6dfab46268
commit 4e32fca05f
2 changed files with 3 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/1843.clarification
+++ b/changelogs/client_server/newsfragments/1843.clarification
@ -0,0 +1 @@
+Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.
--- a/data/api/client-server/registration.yaml
+++ b/data/api/client-server/registration.yaml
@ -387,6 +387,7 @@ paths:
        access token provided in the request. Whether other access tokens for
        the user are revoked depends on the request parameters.
      security:
+        - {}
        - accessTokenQuery: []
        - accessTokenBearer: []
      operationId: changePassword
@ -592,6 +593,7 @@ paths:
        parameter because the homeserver is expected to sign the request to the
        identity server instead.
      security:
+        - {}
        - accessTokenQuery: []
        - accessTokenBearer: []
      operationId: deactivateAccount
				`@ -0,0 +1 @@`
				Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.