Oh yeah I see what you mean. That sounds like we can optimize there. It's probably unlikely that a completely valid installation id and code comes back for the wrong app? I'm probably clutching at straws. Maybe the app…
If you use the setup url callback, you don't get any authorization code just an installation id and the setup action. So there is no means to verify that the user honestly owns the installation that they are providing.…
Oh yeah I see what you mean. That sounds like we can optimize there. It's probably unlikely that a completely valid installation id and code comes back for the wrong app? I'm probably clutching at straws. Maybe the app…
If you use the setup url callback, you don't get any authorization code just an installation id and the setup action. So there is no means to verify that the user honestly owns the installation that they are providing.…