You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
for this case ppy/osu#20590
need osu-web to restrict unauthenticated lazer sessions until they verify their session(or access_token?) by email
My assumption is that when the session owned by lazer is not authenticated, all api which can write(submit score, chat, comment etc.) will return HTTP 403 (401 will may make lazer make lazer think the token is expired or not verified, or state the reason in the return) then lazer will push a Email verification window like web do, then send code by api.
So (I think) we need:
Implement restrictions on unauthenticated access token. (only scope:public can use)
a api to issues a new code (send limit consideration?) (like home/account/reissue-code ?)
a api to receive and check code (like /home/account/verify)
The text was updated successfully, but these errors were encountered:
for this case ppy/osu#20590
need osu-web to restrict unauthenticated lazer sessions until they verify their session(or access_token?) by email
My assumption is that when the session owned by lazer is not authenticated, all api which can write(submit score, chat, comment etc.) will return HTTP 403 (401 will may make lazer make lazer think the token is expired or not verified, or state the reason in the return) then lazer will push a Email verification window like web do, then send code by api.
So (I think) we need:
home/account/reissue-code?)/home/account/verify)The text was updated successfully, but these errors were encountered: