dbread: "" *Long-lived access tokens* are valid for 10 yea…" - Qoto Mastodon

dbread @dbread@qoto.org

" *Long-lived access tokens* are valid for 10 years. These are useful for integrating with third-party APIs and webhook-style integrations. "

Is this a good idea from #security perspecitve? I do not think so, but what is a better way?

Probably we need a standardized #API endpoint e.g. "renew-token" (like auto discovery)

Jul 12, 2024, 10:46 · · · ·

Sign in to participate in the conversation