From 61eae6dd68e626eb4fa4aeb80a94d186498e1e2a Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Jun 2024 10:26:41 +0200 Subject: [PATCH] Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement Signed-off-by: Johannes Marbach --- data/api/client-server/login_token.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/api/client-server/login_token.yaml b/data/api/client-server/login_token.yaml index a8ab1248..19fa350e 100644 --- a/data/api/client-server/login_token.yaml +++ b/data/api/client-server/login_token.yaml @@ -45,7 +45,7 @@ paths: intend to log in multiple devices must generate a token for each. With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt - for verification if the session recently passed UIA. For this endpoint, servers should always re-prompt + for verification if the session recently passed UIA. For this endpoint, servers MUST always re-prompt the user for verification to ensure explicit consent is gained for each additional client. Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum
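Review bot: The subject line calls this a clarification, but the hunk changes the requirement level from a lowercase "should" to an RFC 2119 "MUST", so a server that skips the re-prompt when the session recently passed UIA goes from conforming to non-conforming; the commit description should say plainly that this is a normative strengthening. Since "MUST always" is redundant once the keyword is capitalised, consider `For this endpoint, servers MUST re-prompt` to keep the sentence tight. The security intent stated in the unchanged context (explicit consent for each additional client, since a cached UIA pass would otherwise let a token be minted without the user being asked) supports the stronger wording, and the following sentence on rate limiting intentionally stays non-normative ("Servers are encouraged"), which reads as the right distinction.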