[openstreetmap/openstreetmap-website] oauth_filter intercepts OAuth2.0 endpoints meant for Doorkeeper (#3245)
mmd
notifications at github.com
Fri Jul 2 16:35:27 UTC 2021
> I think you can use bearer auth with a different token though I haven't proven that yet.
Yes, that seems to work. My local set up has a number of different users, and when I request a new access token in Postman for another user, and use that new token for bearer auth, I can request some details for another token.
The good thing is that the introspect endpoint doesn't include any details about the user id, which I believe was one of the reasons for Roland to create an GDPR comliant API key dispenser.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3245#issuecomment-873122282
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210702/61a36187/attachment-0001.htm>
More information about the rails-dev
mailing list