From 61eae6dd68e626eb4fa4aeb80a94d186498e1e2a Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Jun 2024 10:26:41 +0200 Subject: [PATCH 1/3] Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement Signed-off-by: Johannes Marbach --- data/api/client-server/login_token.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/api/client-server/login_token.yaml b/data/api/client-server/login_token.yaml index a8ab12487..19fa350ee 100644 --- a/data/api/client-server/login_token.yaml +++ b/data/api/client-server/login_token.yaml @@ -45,7 +45,7 @@ paths: intend to log in multiple devices must generate a token for each. With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt - for verification if the session recently passed UIA. For this endpoint, servers should always re-prompt + for verification if the session recently passed UIA. For this endpoint, servers MUST always re-prompt the user for verification to ensure explicit consent is gained for each additional client. Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum From e8bd5a98bb05534236cf59c8b3e5cf874e672211 Mon Sep 17 00:00:00 2001 From: Johannes Marbach Date: Fri, 7 Jun 2024 10:29:34 +0200 Subject: [PATCH 2/3] Add changelog entry --- changelogs/client_server/newsfragments/1846.clarification | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/client_server/newsfragments/1846.clarification diff --git a/changelogs/client_server/newsfragments/1846.clarification b/changelogs/client_server/newsfragments/1846.clarification new file mode 100644 index 000000000..e98fd532b --- /dev/null +++ b/changelogs/client_server/newsfragments/1846.clarification @@ -0,0 +1 @@ +Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement From 2a0f2ce2b96fdd2c5a596769e9d4f85af46b4ca2 Mon Sep 17 00:00:00 2001 
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Fri, 7 Jun 2024 09:33:06 +0100 Subject: [PATCH 3/3] Update changelogs/client_server/newsfragments/1846.clarification --- changelogs/client_server/newsfragments/1846.clarification | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/client_server/newsfragments/1846.clarification b/changelogs/client_server/newsfragments/1846.clarification index e98fd532b..6f57eb358 100644 --- a/changelogs/client_server/newsfragments/1846.clarification +++ b/changelogs/client_server/newsfragments/1846.clarification @@ -1 +1 @@ -Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement +Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement.
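Review bot: in the login_token.yaml hunk of PATCH 1/3, "MUST always re-prompt" doubles the requirement word. An RFC 2119 MUST is already unconditional, so "servers MUST re-prompt the user for verification on every request" reads more cleanly and makes the per-request scope explicit. The preceding sentence says other UIA-supporting endpoints sometimes skip the prompt when the session recently passed UIA, so it would help to say directly that a recently passed UIA does not satisfy this endpoint, since that is the behaviour the MUST rules out. The following sentence keeps "are encouraged to" for rate limiting and now sits next to a MUST; confirm that it is meant to stay non-normative.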
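Review bot: in the 1846.clarification newsfragment, PATCH 2/3 adds the entry without a terminating full stop and PATCH 3/3 exists only to add it; squashing the two would leave a single commit for the changelog entry. Separately, replacing lowercase "should" with MUST tightens what a conforming server has to do, so check that the "clarification" fragment type is the one wanted here, given that a server which read the old wording as optional has to change behaviour.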