sknebel
commented
5 years ago Given that client_id is basically always used for an app, and often (in non-indieauth-land) pre-registered, putting what's now me? in there feels wrong I think.
Open sknebel opened 5 years ago
sknebel
commented
5 years ago Given that client_id is basically always used for an app, and often (in non-indieauth-land) pre-registered, putting what's now me? in there feels wrong I think.
Putting the
client_idhere and then requiring to verify it means it's not actually useful here, except maybe to fulfill OAuth expectations that there is a client_id, and potentially dangerous if someone uses it instead of discovering the endpoint independently.I'd tend toward removing it. (or putting the vallue of
mein there?)https://github.com/sknebel/AutoAuth/blob/master/AutoAuth.md#token-request