Clarify that an access token is optional on /account/password and `…

…/account/deactivate` (#1843) Signed-off-by: Kévin Commaille <[email protected]> Co-authored-by: Richard van der Hoff <[email protected]>
matrix-org · Jun 18, 2024 · 4e32fca · 4e32fca
1 parent 6dfab46
commit 4e32fca
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/changelogs/client_server/newsfragments/1843.clarification b/changelogs/client_server/newsfragments/1843.clarification
@@ -0,0 +1 @@
+Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.
diff --git a/data/api/client-server/registration.yaml b/data/api/client-server/registration.yaml
@@ -387,6 +387,7 @@ paths:
         access token provided in the request. Whether other access tokens for
         the user are revoked depends on the request parameters.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: changePassword
@@ -592,6 +593,7 @@ paths:
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       security:
+        - {}
         - accessTokenQuery: []
         - accessTokenBearer: []
       operationId: deactivateAccount