From 979819f132cf877e4cef77d04edb2d2bb1a26568 Mon Sep 17 00:00:00 2001 From: Matthias Ahouansou Date: Mon, 15 Apr 2024 20:00:54 +0100 Subject: [PATCH] remove text about appservices, as it is inaccurate --- proposals/4128-error-optional-auth.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/proposals/4128-error-optional-auth.md b/proposals/4128-error-optional-auth.md index 7f7d379c21..c5cffad76e 100644 --- a/proposals/4128-error-optional-auth.md +++ b/proposals/4128-error-optional-auth.md @@ -6,10 +6,6 @@ to the `/versions` endpoint, the first of the spec to do so. However, this MSC did not specify the behaviour of servers in cases where the authentication failed. -Similarly, endpoints like `POST /login` and `POST /register` accept authentication only from appservices, and -the behaviour of cases where either the authentication failed and/or the user to be accessed was unavailable -(user does not exist, user is deactivated, etc.). - This has lead to some implementations of the spec expecting the request to go through even when the auth is invalid, while some servers respond with an error in the above cases, damaging interoperability.