diff --git a/src/IdentityAuthClient.js b/src/IdentityAuthClient.js
index d7f810951b..185354012d 100644
--- a/src/IdentityAuthClient.js
+++ b/src/IdentityAuthClient.js
@@ -58,8 +58,13 @@ export default class IdentityAuthClient {
 
     _checkToken(token) {
         // TODO: Test current API token via `/account` endpoint
+
         // At the moment, Sydent doesn't implement `/account`, so we can't use
         // that yet. We could try a lookup for a null address perhaps...?
+        // Sydent doesn't currently expire tokens, but we should still be testing
+        // them in any case.
+        // See also https://github.com/vector-im/riot-web/issues/10452.
+
         // In any case, we should ensure the token in `localStorage` is cleared
         // appropriately. We already clear storage on sign out, but we'll need
         // additional clearing when changing ISes in settings as part of future