• #dev 2021-06-12
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2021-06-12 UTC
# 17:53
aaronpk the reason being the only way to get a valid auth code is if you are the legitimate client or if you stole one. the legitimate client should have no reason to make a request with a valid auth code that is invalid for some reason. an attacker might be able to do more things with the stolen auth code if it remains valid