Hi, is it the same thing as User token and security - why SOLID server does not include the origin of the requester in token?
It’s a separate security advisory informing the community about a change to the token structure that’s coming to the authentication spec in the near future.
The origin requester has not yet been solved, but we will be rolling out a solution to it in the future.
For more details and to join in on the disucssion on tokens and auth, join the auth panel calls at 10 eastern every monday (GitHub - solid/authentication-panel: GitHub repository for the Solid Authentication Panel)