| author | Owen Jacobson <owen@grimoire.ca> | 2025-08-24 03:48:17 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2025-08-24 04:51:24 -0400 |
| commit | 4eb63b8adda4559df3dadcf721e2bb0d1f65a01f | |
| tree | 4fc62e30770ec84be431a5dabc2aead3eaad88f9 /docs/api | |
| parent | 1a0ee4af6538b5486d35730d480d00ca4d9edafb | |
Stop returning body data from `POST /api/auth/login`.
As with `/api/setup`, the response was an ad-hoc choice, which we are not using and which constrains future development just by existing.
Diffstat (limited to 'docs/api')
| -rw-r--r-- | docs/api/authentication.md | 26 |
1 files changed, 4 insertions, 22 deletions
diff --git a/docs/api/authentication.md b/docs/api/authentication.md index fbd5959..7694609 100644 --- a/docs/api/authentication.md +++ b/docs/api/authentication.md @@ -71,32 +71,15 @@ The request must have the following fields: <!-- This prose is duplicated by 03-initial-setup.md and in 04-invitations.md, with small changes for context. If you edit it here, edit it there, too. --> -This endpoint will respond with a status of -`200 Okay` when successful. The body of the response will be a JSON object describing the authenticated user: - -```json -{ - "id": "Uabcd1234", - "name": "Andrea" -} -``` - -The response will include the following fields: - -| Field | Type | Description | -| :----- | :----- | :----------------------------- | -| `id` | string | The authenticated user's ID. | -| `name` | string | The authenticated user's name. | +This endpoint will respond with a status of `204 No Content` when successful. -The response will include a `Set-Cookie` header for the -`identity` cookie, providing the client with a newly-minted identity token associated with the user identified in the request. This token's value must be kept confidential. +The response will include a `Set-Cookie` header for the `identity` cookie, providing the client with a newly-minted identity token associated with the user identified in the request. This token's value must be kept confidential. The cookie will expire if it is not used regularly. ### Authentication failure -This endpoint will respond with a status of -`401 Unauthorized` if the login name and password do not correspond to an existing user. +This endpoint will respond with a status of `401 Unauthorized` if the login name and password do not correspond to an existing user. ## `POST /api/auth/logout` 
@@ -114,8 +97,7 @@ The request must be an empty JSON object. This endpoint will respond with a status of `204 No Content` when successful. -The response will include a `Set-Cookie` header that clears the -`identity` cookie. Regardless of whether the client clears the cookie, the service also invalidates the token. +The response will include a `Set-Cookie` header that clears the `identity` cookie. Regardless of whether the client clears the cookie, the service also invalidates the token. ## `POST /api/password` |
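Review bot: In the first hunk (-71,32 +71,15), the HTML comment kept as context says this prose is duplicated in 03-initial-setup.md and 04-invitations.md and must be edited there too, but the diffstat for docs/api lists only authentication.md. Please either apply the same `204 No Content` wording to those copies or, if the files no longer exist under those names, update the comment so it stops pointing at them. It would also help to say in this section where a client should now obtain the user's `id` and `name`, since the removed response body was the only place this section documented them.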
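Review bot: The second hunk (-114,8 +97,7, under `POST /api/auth/logout`) is a whitespace-only reflow unrelated to the login response change described in the commit message, and would be cleaner as a separate formatting commit. The same applies to the rejoined `401 Unauthorized` and `Set-Cookie` lines in the first hunk; splitting them out keeps the one behavioural documentation change easy to find in the history.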
