From 2b242d4f5c9ee9a608e57b4d4694eeabe9c6ee47 Mon Sep 17 00:00:00 2001
From: Gregor Reitzenstein <me@dequbed.space>
Date: Mon, 26 Oct 2020 14:08:32 +0100
Subject: [PATCH] Adds auth comments

---
 auth.capnp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/auth.capnp b/auth.capnp
index 0630b22..f0e7062 100644
--- a/auth.capnp
+++ b/auth.capnp
@@ -34,16 +34,22 @@ interface Authentication {
 
     start @1 ( request :Request ) -> ( response :Response );
     # Initiate an authentication exchange
+    # NOTE: Calling start() after an authentication exchange has already
+    # finished is undefined behaviour. If you want to double-authenticate call
+    # auth() from connection.capnp again to get a fresh capability you can use.
+    # This may however return NULL if you are not allowed to authenticate twice.
 
     step @2 ( response :Data ) -> ( response :Response );
     # Respond to a challenge with more data
+    # NOTE: As with start() calling this after having received an outcome is
+    # undefined behaviour.
 
     abort @3 () -> ();
     # Abort the current exchange. This may be sent by both client and server
     # at any point during the exchange. It MUST not be sent by a server
     # after sending an outcome or by a client after receiving an outcome.
     # A server receiving an abort after sending an outcome but before
-    # receiving any non-authentication message MUST respect the abort.
+    # receiving any other message MUST respect the abort.
 }
 
 struct Request {