From 7152e8f63ff91994fadb3f4bb3e26eb20eb1b90a Mon Sep 17 00:00:00 2001
From: Kitsune Ral <Kitsune-Ral@users.sf.net>
Date: Tue, 15 Oct 2024 17:47:39 +0200
Subject: [PATCH] profile.yaml: force sending access token on all requests

...to make sure those don't end up with 403 in cases like
https://github.com/quotient-im/libQuotient/issues/797
---
 data/api/client-server/profile.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml
index 2f0a6c0ad..deafeb616 100644
--- a/data/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@@ -75,6 +75,9 @@ paths:
         own displayname or to query the name of other users; either locally or
         on remote homeservers.
       operationId: getDisplayName
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId
@@ -178,6 +181,9 @@ paths:
         own avatar URL or to query the URL of other users; either locally or
         on remote homeservers.
       operationId: getAvatarUrl
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId
@@ -229,6 +235,9 @@ paths:
         to fetch the user's own profile information or other users; either
         locally or on remote homeservers.
       operationId: getUserProfile
+      security:
+        - accessTokenQuery: []
+        - accessTokenBearer: []
       parameters:
         - in: path
           name: userId