|
|
|
|
|
|
by ustolemyname
891 days ago
|
|
|
Passwords need to be sent both with the request, and to the requestor. I think GP is referring to sending credentials to the service making the request. It is far better to give service XYZ a time-bound and scope limited token to perform a request than a user's username and password. |
|
|