Specify that appservice login and register fail on incorrect as_tokens (#1744)

tulir · web-flow · commit 5c96f455569b · 2024-03-19T14:59:00.000Z
Signed-off-by: Tulir Asokan &lt;tulir@maunium.net&gt;
diff --git a/changelogs/application_service/newsfragments/1744.clarification b/changelogs/application_service/newsfragments/1744.clarification
@@ -0,0 +1 @@
+Clarify that the `/login` and `/register` endpoints should fail when using the `m.login.application_service` login type without a valid `as_token`.
diff --git a/content/application-service-api.md b/content/application-service-api.md
@@ -436,6 +436,12 @@ an application service-defined namespace will receive the same
 `M_EXCLUSIVE` error code, but only if the application service has
 defined the namespace as `exclusive`.
 
+If `/register` or `/login` is called with the `m.login.application_service`
+login type, but without a valid `as_token`, the endpoints will return an error
+with the `M_MISSING_TOKEN` or `M_UNKNOWN_TOKEN` error code and 401 as the HTTP
+status code. This is the same behavior as invalid auth in the client-server API
+(see [Using access tokens](/client-server-api/#using-access-tokens)).
+
 #### Pinging
 
 {{% added-in v="1.7" %}}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Clarify that the `/login` and `/register` endpoints should fail when using the `m.login.application_service` login type without a valid `as_token`.