#barnabythere’s been some discussion about deprecating this flow too, so that the authorization endpoint is only used for user-facing requests, and the token endpoint is used for all app-facing requests, but nothing is decided yet https://github.com/indieweb/indieauth/issues/58