• #dev 2025-02-11
2025-02-11 UTC
# 21:15
aaronpk
i'm not sure the token scanning attack is the best description of why the endpoint should require authentication, since realistically a resource server can also be used to check if a random string is a valid token. also you should be using values for tokens that are so long/random that they are virtually impossible to guess anyway. the larger issue is that the token introspection response is meant to