QUESTIONS:
- What are allowable characters for a device ID?
    https://github.com/matrix-org/matrix-doc/issues/1257

----

The txn_id in a token authentication request is meant to be tied permanently to the (single-use) token by the server, *after* the first request from the client that includes the txn_id. It functions as a nonce that other clients would not be able to guess, essentially locking the token to a specific client. Ref https://github.com/matrix-org/matrix-doc/pull/69

----

Error metadata:
TooManyRequests: { retry_after_ms: 2000 }

----

Deprecated features to maybe support later:
-

----

Skipped, todo later:

GET /_matrix/static/client/login/
https://matrix.org/docs/spec/client_server/r0.4.0.html#id216
This returns an HTML and JavaScript page which can perform the entire login process. The page will attempt to call the JavaScript function window.onLogin when login has been successfully completed.

-----

GUEST ACCOUNTS

https://matrix.org/docs/spec/client_server/r0.4.0.html#id520

The following API endpoints are allowed to be accessed by guest accounts for retrieving events:

    GET /rooms/:room_id/state
    GET /rooms/:room_id/context/:event_id
    GET /rooms/:room_id/event/:event_id
    GET /rooms/:room_id/state/:event_type/:state_key
    GET /rooms/:room_id/messages
    GET /rooms/:room_id/initialSync
    GET /sync
    GET /events as used for room previews.

The following API endpoints are allowed to be accessed by guest accounts for sending events:

    POST /rooms/:room_id/join
    POST /rooms/:room_id/leave
    PUT /rooms/:room_id/send/m.room.message/:txn_id
    PUT /sendToDevice/{eventType}/{txnId}

The following API endpoints are allowed to be accessed by guest accounts for their own account maintenance:

    PUT /profile/:user_id/displayname
    GET /devices
    GET /devices/{deviceId}
    PUT /devices/{deviceId}

The following API endpoints are allowed to be accessed by guest accounts for end-to-end encryption:

    POST /keys/upload
    POST /keys/query
    POST /keys/claim


----------

FIXME: Review where the homeserver *address* should be returned and where the *name* should be returned (which can differ, ref. https://brendan.abolivier.bzh/enter-the-matrix/) -- in particular the `homeserver` property in login/register routes