2023-04-01 UTC
# Loqi [fosstodon.org/@krosylight] Looking at #IndieAuth. It uses URL as the client identifier, but what if a fake native app steals the URL of another app? How can the user know whether the URL is genuinely linked to the app in their hand? Does someone have an answer? #indieweb #security... (https://fosstodon.org/@krosylight/110123029198508410)