21/12/2022, 07:28

So, I’ve used OAuth2 before, but never really dug into it.

Seems odd that Mastodon lets you programmatically create apps without auth:

https://docs.joinmastodon.org/methods/apps/#create

On the one hand, this seems like it should be a very spammable endpoint. On the other hand, it can’t be worse than any other public endpoint, can it? I mean, you could end up with a database full of spammy apps, but that’s not really a lot of data. I assume it’s pretty hard rate limited?