The server code clearly mentions OAUTH. Let me know what you can
determined from the server code if you find something interesting...
J.
On 6/18/20 9:51 AM, Derek Atkins wrote:
This is interesting. It sounds like OAUTH, where the mini-webserver
redirects to the bank's website for authentication and gets a token back,
but OAUTH tokens are supposed to be single-use and expire. The fact that
neither seems to be the case is a bit worrying. Does plaid provide the
source code for this web server?
That's not always the case. OAuth has long-lived tokens that can be
refreshed and reused, they are not (always) single-use tokens. You're
right that it DOES sound like OAuth, but it also sounds like you're
obtaining a client token that can be re-used.
Regards,
John Ralls
-derek
_______________________________________________
gnucash-devel mailing list
gnucash-devel@gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
