• #dev 2020-11-21
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2020-11-21 UTC
# 20:26
Zegnat I am thinking, the `me` returned from the AS is trusted from the user/AS point of view, but is not yet trusted from the client point of view as the user might be trying an impersonation attack. So the client should try to establish a trusted relationship between `me` and `authorization_endpoint` no matter what.