[fluffy]In this specific case, I have a user who was logging in via IndieAuth using the https URL, then was testing TicketAuth using the http URL, and then was surprised that the TicketAuth-granted bearer token didn’t have the same permissions/identity as the IndieAuth-granted bearer token.
