From f6a79204c2ce9a15d7909c1c389417e0b7351cad Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 24 Aug 2025 04:10:28 -0400
Subject: Add a missing docs note about the behaviour of `POST
 /api/auth/logout` when the current token is invalid.

It's inconsistent with the behaviour when the current token is unset. Shrug.
---
 docs/api/authentication.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs/api')

diff --git a/docs/api/authentication.md b/docs/api/authentication.md
index f1c0aea..189103e 100644
--- a/docs/api/authentication.md
+++ b/docs/api/authentication.md
@@ -103,6 +103,10 @@ The response will include a `Set-Cookie` header that clears the `identity` cooki
 
 Changes the current user's password, and invalidates all outstanding identity tokens.
 
+### Authentication failure
+
+This endpoint will respond with a status of `401 Unauthorized` if the provided identity token is not valid.
+
 ### Request
 
 ```json
-- 
cgit v1.2.3