Merge 910340a98b into 8ebf4a4789

Update wording
Newsfile
2026-03-05 03:04:11 +01:00 · 2025-11-18 16:39:53 +00:00 · 2025-11-18 13:19:11 +00:00 · 2025-11-14 11:39:18 +00:00 · 2025-11-14 11:36:46 +00:00
2 changed files with 3 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/2246.clarification
+++ b/changelogs/client_server/newsfragments/2246.clarification
@ -0,0 +1 @@
+Clarify that servers may choose not to use `M_USER_DEACTIVATED` at login time, for example for privacy reasons when they can't authenticate deactivated users.
--- a/data/api/client-server/login.yaml
+++ b/data/api/client-server/login.yaml
@ -262,6 +262,8 @@ paths:
                or the requested device ID is the same as a cross-signing key
                ID.
              * `M_USER_DEACTIVATED`: The user has been deactivated.
+                Servers MAY instead use `M_FORBIDDEN` when they can no longer authenticate
+                the deactivated user (i.e. their password has been wiped).
          content:
            application/json:
              schema:
Author	SHA1	Message	Date
reivilibre	a0b96fa373	Merge `910340a98b` into `8ebf4a4789`	2025-11-18 16:39:53 +00:00
Andrew Morgan	910340a98b	Update wording	2025-11-18 13:19:11 +00:00
Olivier 'reivilibre	afc58cd8db	Newsfile Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>	2025-11-14 11:39:18 +00:00
Olivier 'reivilibre	010a6b05cd	Clarify that servers may not use M_USER_DEACTIVATED when they don't know who is asking See: https://github.com/element-hq/synapse/issues/15747	2025-11-14 11:36:46 +00:00
				`@ -0,0 +1 @@`
				Clarify that servers may choose not to use `M_USER_DEACTIVATED` at login time, for example for privacy reasons when they can't authenticate deactivated users.