but it does not authenticate you against the homeserver and does not grant you the access token, meaning the application would not be able to access Matrix APIs on user's behalf
That’s exactly what you want to avoid.
The bot can still get things shared by the user like username, avatar, 3pids and pubkeys.
Can you give me a use-case that my proposed solution is insufficient for due to inability to impersonate the user to the Matrix homeserver?
That’s exactly what you want to avoid.
The bot can still get things shared by the user like username, avatar, 3pids and pubkeys.
Can you give me a use-case that my proposed solution is insufficient for due to inability to impersonate the user to the Matrix homeserver?