So, I’ve used oAuth2 before, but never really dug into it.
Seems odd that Mastodon lets you programmatically create apps without auth:
On the one hand, this seems like it should be a very spammable endpoint. On the other hand it can’t be worse than any other public endpoint, can it? I mean you could end up with a database full of spammy apps, but that’s not really a lot of data. I assume it’s pretty hard rate limited?