<p></p>
<p>Yes, Overpass could use that token to query the user details endpoint (see screenshot below).</p>
<p>The only difference I see is that Overpass wouldn't be able to figure out, if the token has been requested for an entirely different app, and just passed on to Overpass. In case of the introspection endpoint, you could ensure that the token matches the application that has been registered before for Overpass purposes. I think that was one of the assumptions Roland made, hence I included it in my example.</p>
<p><a target="_blank" rel="noopener noreferrer" href="https://user-images.githubusercontent.com/5842757/95685682-af418100-0bf9-11eb-97df-ec225ae93b14.png"><img src="https://user-images.githubusercontent.com/5842757/95685682-af418100-0bf9-11eb-97df-ec225ae93b14.png" alt="Bildschirmfoto von 2020-10-11 19-40-03" style="max-width:100%;"></a></p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706741210">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLKJOODB26CIHHT7NBLSKHVZXANCNFSM4GXT7OGA">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AAK2OLOJRM5SV2D2EOZTMHDSKHVZXA5CNFSM4GXT7OGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFIQAHWQ.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706741210",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706741210",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>