HackerTrans
トップ新着トレンドコメント過去質問紹介求人

brianfletcher

no profile record

コメント

brianfletcher
·5 年前·議論
Oh yeah I see what you mean. That sounds like we can optimize there. It's probably unlikely that a completely valid installation id and code comes back for the wrong app? I'm probably clutching at straws. Maybe the app is uninstalled by the time the redirect makes it back. Also unlikely. You are probably right that it is redundant.
brianfletcher
·5 年前·議論
If you use the setup url callback, you don't get any authorization code just an installation id and the setup action. So there is no means to verify that the user honestly owns the installation that they are providing. Because the number is so short, it's easy to guess every combination.