[openstreetmap/openstreetmap-website] "application could not be found" message for most of oauth2 apps (Issue #4103)
Anton Khorev
notifications at github.com
Wed Jul 26 16:00:38 UTC 2023
There aren't any secrets for those who can access an app. Almost. The app may not reveal all of its possible permissions and all of its redirect urls. But at least one redirect url and some permission are going to be visible to all its users.
However if the app is not published anywhere, nobody knows its client_id, permissions, urls. Removing the show restriction would allow anyone to go through all of the apps by opening https://www.openstreetmap.org/oauth2/applications/1 https://www.openstreetmap.org/oauth2/applications/2 https://www.openstreetmap.org/oauth2/applications/3 etc. Is that ok?
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4103#issuecomment-1652103032
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4103/1652103032 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230726/29a72fdc/attachment.htm>
More information about the rails-dev
mailing list