(My bad in advance for replying to an old post!)
I think about this a lot especially since I’m beginning to move my authorization endpoint to be outside of my site and in a more trusted location. For actions like these, if my authorization endpoint could also send some sort of notification to my device to be like “hey, this just happened. we’ll let it go through if you say yes in 5 minutes, otherwise we’ll cancel it”. This is super easy (infrastructure-wise) if you roll your endpoint into your site but doing it separately requires a bit of back and forth.
That said, I’m 100% adding this to my backlog of things to try out!
Published using Quill.
Syndicated To indieweb.xyz/en/privacy IndieWeb.XYZ // IndieWeb