Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-01 09:14:10 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Clarify that submit_url is without authentication

Browse source 
The request is authorized by its parameters, not by an additional access token.

Fixes https://github.com/matrix-org/matrix-doc/issues/2298
This commit is contained in:
Travis Ralston 2019-11-04 15:17:51 -07:00
parent ae163ab818
commit e95eafb2ba
2 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
api/client-server/administrative_contact.yaml
View file

@ -157,9 +157,10 @@ paths:
An optional field containing a URL where the client must An optional field containing a URL where the client must
submit the validation token to, with identical parameters submit the validation token to, with identical parameters
to the Identity Service API's ``POST to the Identity Service API's ``POST
/validate/email/submitToken`` endpoint. The homeserver must /validate/email/submitToken`` endpoint (without the requirement
send this token to the user (if applicable), who should for an access token). The homeserver must send this token to the
then be prompted to provide it to the client. user (if applicable), who should then be prompted to provide it
to the client.
If this field is not present, the client can assume that If this field is not present, the client can assume that
verification will happen without the client's involvement verification will happen without the client's involvement

6
api/client-server/definitions/request_token_response.yaml
View file

@ -25,9 +25,9 @@ properties:
description: |- description: |-
An optional field containing a URL where the client must submit the An optional field containing a URL where the client must submit the
validation token to, with identical parameters to the Identity Service validation token to, with identical parameters to the Identity Service
API's ``POST /validate/email/submitToken`` endpoint. The homeserver must API's ``POST /validate/email/submitToken`` endpoint (without the requirement
send this token to the user (if applicable), who should then be for an access token). The homeserver must send this token to the user (if
prompted to provide it to the client. applicable), who should then be prompted to provide it to the client.
If this field is not present, the client can assume that verification If this field is not present, the client can assume that verification
will happen without the client's involvement provided the homeserver will happen without the client's involvement provided the homeserver