  • Jul 2, 2026, 10:54 AM

    @mjg59 I imagine some of the pushback on TLS-based solutions is getting it to work if you've e.g. decided to let Cloudflare MITM your connections or use some other service to terminate the TLS connections. If that frontend doesn't support the feature or doesn't pass through the relevant info, you're screwed.

    I also wonder if the difficulties with OAuth 1.0 tilted people towards simple bearer tokens. I remember having a lot of difficulty with Apache normalising requests in ways that would break signatures by the time the application saw the request. It was bad enough to just recommend people use PLAINTEXT mode. That feels like it directly leads to OAuth 2.0 only defining bearer tokens at launch.

    💬 1🔄 0⭐ 1

Replies

  • Jul 2, 2026, 1:32 PM

    @jamesh @mjg59 I remember that happening. Also people saying not to worry about going back to bearer tokens because now TLS was everywhere and we didn’t have to worry about token leaks.

    So dumb.

    💬 0🔄 0⭐ 0