#ZegnatAutoAuth actually could make use of that specifically to have a private photo being shared where the actual JPG file can only be accessed with a token. It would then require tools to be able to get the rel="token_endpoint" from the JPG HTTP headers