Merge b21ccfc9e3 into 13aa6e83ae

assets/js/versions.template.js

@@ -110,5 +110,5 @@ fetch(url)
         }
 
         // For historical versions, simply link to the changelog
-        appendVersion(ul, "historical", "historical", '{{ (site.GetPage "changelog/historical").RelPermalink }}');
+        appendVersion(ul, "historical", '{{ (site.GetPage "changelog/historical").RelPermalink }}');
     });

changelogs/internal/newsfragments/2268.clarification

@@ -1 +0,0 @@
-Add version picker in the navbar.

content/client-server-api/_index.md

@@ -477,7 +477,8 @@ the API that was used to obtain their current access token.
 
 {{% boxes/note %}}
 Currently the OAuth 2.0 API doesn't cover all the use cases of the legacy API,
-such as automated applications that cannot use a web browser.
+such as automated applications that cannot use a web browser, or
+user management by [application services](application-service-api/#server-admin-style-permissions).
 {{% /boxes/note %}}
 
 ### Authentication API discovery
@@ -501,12 +502,6 @@ user must do that directly in the homeserver's web UI. However, the client can
 signal to the homeserver that the user wishes to create a new account with the
 [`prompt=create`](#user-registration) parameter during authorization.
 
-{{% boxes/note %}}
-{{% added-in v="1.17" %}}
-Application services can use the `/register` endpoint to create users regardless
-of the authentication API supported by the homeserver.
-{{% /boxes/note %}}
-
 ### Login
 
 With the legacy API, a client can obtain an access token by using one of the