interledgerjs / ilp-plugin-xrp-asym-server

Server for Asymmetric XRP Paychan

User Authentication #1

Open dappelt opened 6 years ago

dappelt commented 6 years ago

Follow-up to this issue I created on the old repo.

It looks like you took out BTP authentication completely. Now it seems to be enough that a BTP client proves that he opened a paychan to the server, right?

dappelt commented 6 years ago

Turns out that the BTP auth code from ilp-plugin-mini-accounts is used. So the account address is still the hashed auth token, which is not great, but at least the README is specific about using strong passwords.

dappelt commented 6 years ago

A solution would be if the server rejects trivial passwords. Proposal here: https://github.com/interledgerjs/ilp-plugin-mini-accounts/blob/da-check-password/index.js#L15-L24
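
A sketch of the server-side check discussed in this thread, added here as an example; it is not the code from the linked branch or from ilp-plugin-mini-accounts. The base64url SHA-256 derivation, the function names, the deny list and both thresholds are assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Assumed derivation: account = base64url(SHA-256(token)). The thread only says the
// account is the hashed auth token; the plugin's exact encoding may differ.
function tokenToAccount (token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

// Constructed deny list; a deployment would load a much larger one.
const TRIVIAL = new Set(['password', 'secret', 'test', 'admin', 'letmein', 'changeme'])
const MIN_LENGTH = 16 // assumed policy value
const MIN_BITS = 80 // assumed policy value

// Heuristic strength estimate: log2 of the character-pool size times an effective
// length that stops growing when the same few characters repeat.
function estimateBits (token) {
  let pool = 0
  if (/[a-z]/.test(token)) pool += 26
  if (/[A-Z]/.test(token)) pool += 26
  if (/[0-9]/.test(token)) pool += 10
  if (/[^a-zA-Z0-9]/.test(token)) pool += 32
  if (pool === 0) return 0
  const effectiveLength = Math.min(token.length, 2 * new Set(token).size)
  return effectiveLength * Math.log2(pool)
}

// Returns null when the token is acceptable, otherwise the reason for rejection.
function rejectReason (token) {
  if (typeof token !== 'string' || token.length === 0) return 'missing token'
  // Strip trailing digits and "!" so "Password123" is matched like "password".
  const base = token.toLowerCase().replace(/[0-9!]+$/, '')
  if (TRIVIAL.has(base)) return 'common password'
  if (token.length < MIN_LENGTH) return 'too short'
  if (estimateBits(token) < MIN_BITS) return 'low entropy'
  return null
}

// Gate account creation: the account is an unsalted hash of the token, so the
// token's strength is the only thing protecting that account.
function authorize (token) {
  const reason = rejectReason(token)
  if (reason) throw new Error('auth token rejected: ' + reason)
  return tokenToAccount(token)
}
```
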