Hacker News

jpalawag, yesterday at 3:14 PM (3 replies)

OAuth with refresh tokens.

IAM roles/workload identity.

Even time-limited or signed JWTs, though those have their own separate issues.

Maybe you'll say 'those are both just text values passed like an API key', though API keys aren't frequently rotated or time-limited, which is an important security feature.
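To make the rotation/time-limit argument concrete, here is an added example (not code from the thread or any project it mentions) that mints a minimal signed token with an `exp` claim, verifies it, and compares what happens when it and a static API key both leak and are replayed later. The signing secret, the static key, and the timestamps are all constructed values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret and static key; neither comes from a real system.
SIGNING_SECRET = b"constructed-demo-signing-secret"
STATIC_API_KEYS = {"sk_constructed_static_key": "report-export-job"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64url(hmac.new(SIGNING_SECRET, payload.encode(), hashlib.sha256).digest())

def mint_token(subject: str, ttl_seconds: int, now: float) -> str:
    """Issue a compact signed token carrying an expiry (a minimal JWT-style claim set)."""
    claims = {"sub": subject, "iat": int(now), "exp": int(now) + ttl_seconds}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{payload}.{_sign(payload)}"

def verify_token(token: str, now: float) -> Optional[dict]:
    """Accept only tokens with a valid signature whose exp is still in the future."""
    parts = token.split(".")
    if len(parts) != 2 or not hmac.compare_digest(parts[1], _sign(parts[0])):
        return None  # forged, tampered, or malformed
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if claims.get("exp", 0) <= now:
        return None  # expired: a leaked copy stops working on its own
    return claims

def verify_api_key(key: str) -> Optional[str]:
    """A static API key has no expiry; it works until someone notices and revokes it."""
    return STATIC_API_KEYS.get(key)

def leaked_credentials_still_work(leak_delay_seconds: int) -> dict:
    """Simulate both credentials leaking (e.g. into a CSV or .env) and being replayed later."""
    issued_at = 1_700_000_000  # constructed fixed timestamp for reproducibility
    token = mint_token("report-export-job", ttl_seconds=900, now=issued_at)
    replay_at = issued_at + leak_delay_seconds
    return {
        "short_lived_token": verify_token(token, replay_at) is not None,
        "static_api_key": verify_api_key("sk_constructed_static_key") is not None,
    }

if __name__ == "__main__":
    print(leaked_credentials_still_work(60))      # both still valid inside the 15-minute window
    print(leaked_credentials_still_work(86_400))  # a day later only the static key still works
```

The short lifetime does not stop the leak itself; it bounds how long the leaked copy is useful, which is the property a static key lacks.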


Replies

JoeBOFH, yesterday at 3:37 PM

So how would this help in this case? The OAuth info would've just been in the CSV or in someone's env file.

jallmann, yesterday at 4:29 PM

> OAuth with refresh tokens.

Then the LLM slurps up your refresh token. What's next?

XorNot, yesterday at 3:54 PM

At that point you've just reinvented Kerberos tickets really...
