> This is interesting. It sounds like OAUTH, where the mini-webserver
> redirects to the bank's website for authentication and gets a token back,
> but OAUTH tokens are supposed to be single-use and expire. The fact that
> neither seems to be the case is a bit worrying. Does plaid provide the
> source code for this web server?
That's not always the case. OAuth has long-lived tokens that can be
refreshed and reused, they are not (always) single-use tokens. You're
right that it DOES sound like OAuth, but it also sounds like you're
obtaining a client token that can be re-used.
> Regards,
> John Ralls
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
gnucash-devel mailing list
[email protected]
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
