Logto api auth

[tuthanika]

No description provided.

[willnode]

That's not logto API at all

[tuthanika]

this is api to get oauth2 token by Client id and Client secret

[willnode]

Please share documentation proofing these domain is listed

[tuthanika]

I use alist / openlist
https://doc.oplist.org/guide/drivers/onedrive_app
https://doc.oplist.org/guide/drivers/febbox

Post "https://api.febbox.com/oauth/token": dial tcp 43.154.95.27:443: connect: connection refused

Post "https://login.microsoftonline.com/cb29385f-3abb-4c02-b2c0-5df2693d7e7e/oauth2/token": dial tcp [2603:1046:2000:190::1]:443: connect: connection refused

[willnode]

I feel uneasy to allow login.microsoftonline.com, it make someone could attempt to brute force login. Can you find a way such that the server won't talk to it?

[tuthanika]

If you feel uneasy about it, you can skip it, because security should always come first. I think for now, there's no other solution since it's the officially recommended method by Microsoft

[tuthanika]

"Openlist/alist supports the 'Use online API' feature with the API URL address: https://api.oplist.org/onedrive/renewapi. It might serve as a replacement for "login.microsoftonline.com".
EX: GET https://api.oplist.org/onedrive/renewapi?driver_txt=onedrive_pr&refresh_ui=xxxx."