Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-23 19:44:09 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement

Browse source 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
This commit is contained in:
Johannes Marbach 2024-06-07 10:26:41 +02:00
parent 1e303b3bbc
commit 61eae6dd68
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
data/api/client-server/login_token.yaml
View file

@ -45,7 +45,7 @@ paths:
intend to log in multiple devices must generate a token for each.
With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt
for verification if the session recently passed UIA. For this endpoint, servers should always re-prompt
for verification if the session recently passed UIA. For this endpoint, servers MUST always re-prompt
the user for verification to ensure explicit consent is gained for each additional client.
Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum