2018-09-13 UTC
# mayo aaronpk: I was trying to figure out the point of including user IDs in the aperture microsub URLs (eg. /microsub/34). When a request comes in to /microsub/34, user id 34 is looked up in db, token is verified at the token endpoint, and me URLs are compared. My approach was to validate token, get the me URL, lookup user in db by their me URL (its hash, actually). Am I missing something security wise? Or just a case of different approach?