2015-07-15 UTC
#
aaronpk b) before-hand, I make a POST request to your token endpoint with an authorization code that I generated, you check the code against *my authorization endpoint* and if it's valid, you generate an access token. then to actually fetch the post, I make a GET request with the access token that *you* generated in the Authorization header
![](https://chat.indieweb.org/img.php?url=https%3A%2F%2Faaronparecki.com%2Fimages%2Faaronpk-128.jpg&sig=fcc92d9a2a2192cebb3e92cd1bf91bd7b844f7ef87301cbe5d35b9847b0d0ae0)