Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-19 17:44:08 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add warnings about incompatibility with OAuth 2.0 to endpoints that use UIA

Browse source 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
This commit is contained in:
Kévin Commaille 2025-06-21 09:32:32 +02:00
parent e864a20025
commit 8464edcb2d
No known key found for this signature in database
GPG key ID: F26F4BE20A08255B
3 changed files with 23 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
data/api/client-server/administrative_contact.yaml
View file

@ -201,6 +201,11 @@ paths:
Homeservers should prevent the caller from adding a 3PID to their account if it has
already been added to another user's account on the homeserver.
{{% boxes/warning %}}
Since this endpoint uses UIA, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: add3PID
security:
- accessTokenQuery: []

5
data/api/client-server/cross_signing.yaml
View file

@ -39,6 +39,11 @@ paths:
they already exist. Allowing clients to upload the same set of keys more than once
makes this endpoint idempotent in the case where the response is lost over the network,
which would otherwise cause a UIA challenge upon retry.
{{% boxes/warning %}}
When this endpoint requires UIA, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: uploadCrossSigningKeys
security:
- accessTokenQuery: []

10
data/api/client-server/device_management.yaml
View file

@ -137,6 +137,11 @@ paths:
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
Deletes the given device, and invalidates any access token associated with it.
{{% boxes/warning %}}
Since this endpoint uses UIA, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: deleteDevice
security:
- accessTokenQuery: []
@ -189,6 +194,11 @@ paths:
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
Deletes the given devices, and invalidates any access token associated with them.
{{% boxes/warning %}}
Since this endpoint uses UIA, it cannot be used when the access token was obtained
via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
{{% /boxes/warning %}}
operationId: deleteDevices
security:
- accessTokenQuery: []