OAuth 2.0
2 posts
Article
Bearer tokens vouch for nobody
Alibaba's restriction of Claude Code exposes how OAuth 2.0 bearer tokens resolve a past verification instead of validating the entity acting now.
Article
OAuth converts consent into standing permission
OAuth 2.0 issues a token, not an identity. It verifies authority once at consent and honours the reference thereafter, without ever revalidating the grant.