[openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)
David Karlaš
notifications at github.com
Wed Jan 22 12:49:04 UTC 2025
I'm not, but my feeling is, sending `id_token` rather than `access_token` is a bit better since if Panoramax instance is compromised nothing is lost since `id_token` is used only for Authentication, not Authorization like `access_token`.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5497#issuecomment-2607162185
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/5497/c2607162185 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250122/0ae12996/attachment.htm>
More information about the rails-dev
mailing list