[GNC-dev] Patelco stopped supporting OFX... other options
Derek Atkins
derek at ihtfp.com
Thu Jun 18 12:51:16 EDT 2020
> This is interesting. It sounds like OAUTH, where the mini-webserver
> redirects to the bank's website for authentication and gets a token back,
> but OAUTH tokens are supposed to be single-use and expire. The fact that
> neither seems to be the case is a bit worrying. Does plaid provide the
> source code for this web server?
That's not always the case. OAuth has long-lived tokens that can be
refreshed and reused, they are not (always) single-use tokens. You're
right that it DOES sound like OAuth, but it also sounds like you're
obtaining a client token that can be re-used.
> Regards,
> John Ralls
-derek
--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
More information about the gnucash-devel
mailing list