RC RANDOM CHAOS

OAuth 2.0

2 posts

Bearer tokens vouch for nobody

Alibaba's restriction of Claude Code exposes how OAuth 2.0 bearer tokens resolve a past verification instead of validating the entity acting now.

OAuth converts consent into standing permission

OAuth 2.0 issues a token, not an identity. It verifies authority once at consent and honours the reference thereafter, without ever revalidating the grant.