From d433e3b7f19c771411a2a2098fab8cc765d85bf6 Mon Sep 17 00:00:00 2001 From: Quentin Gliech Date: Thu, 3 Jun 2021 16:26:29 +0200 Subject: [PATCH] MSC2918: specify error codes for the refresh API --- proposals/2918-refreshtokens.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/proposals/2918-refreshtokens.md b/proposals/2918-refreshtokens.md index ba8545100ab..f9aaebd5f44 100644 --- a/proposals/2918-refreshtokens.md +++ b/proposals/2918-refreshtokens.md @@ -51,6 +51,14 @@ response: } ``` +The `refresh_token` parameter can be invalid for two reasons: + + - if it does not exist + - if it was already used once + +In both cases, the server must reply with a `401` HTTP status code and an `M_UNKNOWN_TOKEN` error code. +This new use case of the `M_UNKNOWN_TOKEN` error code must be reflected in the spec. + ### Device handling The current spec states that "Matrix servers should record which device each access token is assigned to".