2019-06-23 UTC
# 
melody it seems like creating remote objects directly kind of assumes the remote server wants to give you permission to create objects -- even with the oauth situation allowing the remote server to create on behalf of the user, if there's any opportunity for the remote server to step in and potentially prevent that create (which there should be) the flow would end up needing to resemble the same handshake as offer/accept/reject