OAuth Levels for App Passwords #1072
Labels
feature-request
A request for a new feature
x:on-the-roadmap
We're planning to do this but it may be a bit
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
As Bluesky is growing, app passwords are only becoming more commonly used for external services. This opens up risk as those services themselves have their own trust concerns, but also vulnerability of hacks, bad logging patterns, and more.
Describe the solution you'd like
A manner to set the authorization scope level for a given app password to prevent the risk of having an app password taken to then be used for means it was not intended
Describe alternatives you've considered
Being able to set app passwords to only be authorized for specific host origins
Additional context
I noticed that when calling custom feeds bearer tokens are already implemented so thought this may not be too complicated an ask
The text was updated successfully, but these errors were encountered: