Distinction between deleting devices and invalidating access tokens is bogus and confusing #1950
Labels
improvement
An idea/future MSC for the spec
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Suggestion
The difference between "deleting a device" (via https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3delete_devices) and "logging out an access token" (via e.g. https://spec.matrix.org/v1.11/client-server-api/#post_matrixclientv3logout) is not terribly clear. After some discussion in #matrix-spec, it appears there is no difference, since:
/logout*invalidates the access token but also deletes the associated device/delete_devicesdeletes the devices but also invalidates their access tokensSo essentially the same operation is approached from two different angles: one from the perspective of deleting a device (and invalidating all of its access tokens) and the other from the perspective of invalidating an access token (and deleting its device and other access tokens).
This makes
/delete_devicesa weird odd beast. It would make more sense to have a/logout/someinstead.The text was updated successfully, but these errors were encountered: