cheeaun, 26 days ago

@thisismissem @snarfed.org@snarfed.org sorry what kind of feedback are you expecting? Tokens expiring and clients renewing them?

thisismissem, 26 days ago

@cheeaun @snarfed.org@snarfed.org yeah, so like public clients can expire frequently, since they're short lived & don't have client_secrets

But for the confidential clients, expiry is harder to set since it can break things; you basically need to go through and re-install the server-based app.

Currently all clients are confidential clients (which they're actually not), so for instant, phanpy would be a public client, since it generates a new client for each browser that loads it for a given server

cheeaun, 26 days ago

@thisismissem @snarfed.org@snarfed.org Oh so is this about migrating from confidential to short-lived tokens? Or deciding when to migrate? Potentially have to wait for clients or warn clients to implement token renewal within a year?

thisismissem, 25 days ago

@cheeaun @snarfed.org@snarfed.org yeah, but we may actually have a better solution that doesn't require client registration! I'm really excited for this.