From 4eb63b8adda4559df3dadcf721e2bb0d1f65a01f Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 24 Aug 2025 03:48:17 -0400
Subject: Stop returning body data from `POST /api/auth/login`.

As with `/api/setup`, the response was an ad-hoc choice, which we are not using and which constrains future development just by existing.
---
 docs/api/authentication.md | 26 ++++----------------------
 1 file changed, 4 insertions(+), 22 deletions(-)

(limited to 'docs/api')

diff --git a/docs/api/authentication.md b/docs/api/authentication.md
index fbd5959..7694609 100644
--- a/docs/api/authentication.md
+++ b/docs/api/authentication.md
@@ -71,32 +71,15 @@ The request must have the following fields:
 
 <!-- This prose is duplicated by 03-initial-setup.md and in 04-invitations.md, with small changes for context. If you edit it here, edit it there, too. -->
 
-This endpoint will respond with a status of
-`200 Okay` when successful. The body of the response will be a JSON object describing the authenticated user:
-
-```json
-{
-  "id": "Uabcd1234",
-  "name": "Andrea"
-}
-```
-
-The response will include the following fields:
-
-| Field  | Type   | Description                    |
-| :----- | :----- | :----------------------------- |
-| `id`   | string | The authenticated user's ID.   |
-| `name` | string | The authenticated user's name. |
+This endpoint will respond with a status of `204 No Content` when successful.
 
-The response will include a `Set-Cookie` header for the
-`identity` cookie, providing the client with a newly-minted identity token associated with the user identified in the request. This token's value must be kept confidential.
+The response will include a `Set-Cookie` header for the `identity` cookie, providing the client with a newly-minted identity token associated with the user identified in the request. This token's value must be kept confidential.
 
 The cookie will expire if it is not used regularly.
 
 ### Authentication failure
 
-This endpoint will respond with a status of
-`401 Unauthorized` if the login name and password do not correspond to an existing user.
+This endpoint will respond with a status of `401 Unauthorized` if the login name and password do not correspond to an existing user.
 
 ## `POST /api/auth/logout`
 
@@ -114,8 +97,7 @@ The request must be an empty JSON object.
 
 This endpoint will respond with a status of `204 No Content` when successful.
 
-The response will include a `Set-Cookie` header that clears the
-`identity` cookie. Regardless of whether the client clears the cookie, the service also invalidates the token.
+The response will include a `Set-Cookie` header that clears the `identity` cookie. Regardless of whether the client clears the cookie, the service also invalidates the token.
 
 ## `POST /api/password`
 
-- 
cgit v1.2.3