[openstreetmap/openstreetmap-website] API key dispenser (#2145)
Tom Hughes
notifications at github.com
Sun Oct 11 20:34:47 UTC 2020
But even then that's only an issue if (a) a site exposes the authentication token to the end user and (b) another site allows the user to provide their own token rather than requiring them to go through the authentication flow to generate a token.
So even if the first type of site exists any site that wants to ensure it has a valid token can just not provide a way for you to inut a token and instead require you to go though the Authorization Code Flow to generate one.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706764628
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20201011/217cb3b6/attachment-0001.htm>
More information about the rails-dev
mailing list