<p></p>
<p>But even then that's only an issue if (a) a site exposes the authentication token to the end user and (b) another site allows the user to provide their own token rather than requiring them to go through the authentication flow to generate a token.</p>
<p>So even if the first type of site exists any site that wants to ensure it has a valid token can just not provide a way for you to inut a token and instead require you to go though the Authorization Code Flow to generate one.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706764628">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLNL5F6AEW6LBRIWUBDSKIJGPANCNFSM4GXT7OGA">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AAK2OLK5U2WC5NU3K2SFB3LSKIJGPA5CNFSM4GXT7OGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFIQF6VA.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706764628",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706764628",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>