submit_url authentication unclear #2298
Labels
clarification
An area where the spec could do with being more explicit
client-server
Client-Server API
Milestone
For
requestToken
APIs, the spec says they may returnsubmit_url
"with identical parameters to the Identity Service API's POST /validate/email/submitToken endpoint".That was likely clear when written, but now with MSC2140 having added a v2 IS API that also layers on auth, it has become less clear.
(I would assume this intention is for such URLs to be called as if they were a v1 IS API, so no authentication.)
The text was updated successfully, but these errors were encountered: