From 80e993e328c1f3a8da5fc24788cd1ed5ecb1a4b8 Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith <hughns@matrix.org>
Date: Mon, 5 Aug 2024 13:52:46 +0100
Subject: [PATCH] Fill in missing supported authorization scopes

---
 docs/topics/authorization.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/topics/authorization.md b/docs/topics/authorization.md
index 6913e1b2d..d2d7ab29c 100644
--- a/docs/topics/authorization.md
+++ b/docs/topics/authorization.md
@@ -86,11 +86,11 @@ the API can be requested by a session which has the [`urn:mas:graphql:*`] and th
 MAS supports a few different authorization grants for OAuth 2.0 sessions.
 Whilst this section won't go into the technical details of how those grants work, it's important to understand what they are and what they are used for.
 
-| Grant type                                          | Entity | User interaction | Matrix C-S API | Synapse admin API |  MAS Internal GraphQL API | MAS Admin API |
-| --------------------------------------------------- | ------ | ---------------- | -------------- | ----------------- | ------------------------- | ------------- |
-| [Authorization code](#authorization-code-grant)     | User   | Same device      | Yes            | Yes               | Yes                       | TODO: ?       |
-| [Device authorization](#device-authorization-grant) | User   | Other device     | Yes            | Yes               | Yes                       | TODO: ?       |
-| [Client credentials](#client-credentials-grant)     | Client | None             | No             | No[^admin]        | No                        | TODO: ?       |
+| Grant type                                          | Entity | User interaction | Matrix C-S API | Synapse Admin API | MAS Admin API | MAS Internal GraphQL API |
+| --------------------------------------------------- | ------ | ---------------- | -------------- | ----------------- | ------------- | ------------------------ |
+| [Authorization code](#authorization-code-grant)     | User   | Same device      | Yes            | Yes               | Yes           | Yes                      |
+| [Device authorization](#device-authorization-grant) | User   | Other device     | Yes            | Yes               | Yes           | Yes                      |
+| [Client credentials](#client-credentials-grant)     | Client | None             | No             | No[^admin]        | Yes           | Yes                      |
 
 [^admin]: The Synapse admin API doesn't strictly require a user, but Synapse doesn't support client-only sessions yet. In the future, it will be possible to leverage the client credentials grant to access the Synapse admin API.