2018-08-29 UTC
# Zegnat But I think the real win is to promote minimal scopes on tokens more. If I am giving my WP blog a token that lets it automatically cross-post using micropub, how much do I trust the WP blog to only do that? I can mitigate my trust by scoping the token in such a way that it only allows "create". Even if the token were to leak now, nobody can use it to update/delete my posts.