Re: [openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

David Karlaš via rails-dev Wed, 22 Jan 2025 04:52:07 -0800

I'm not, but my feeling is, sending `id_token` rather than `access_token` is a 
bit better since if Panoramax instance is compromised nothing is lost since 
`id_token` is used only for Authentication, not Authorization like 
`access_token`.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5497#issuecomment-2607162185
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/pull/5497/c2607162...@github.com>

_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev

Re: [openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

Reply via email to