rethink how oauth logins need to work

i can't exchange refresh tokens for access tokens without knowing the
webface oauth configuration either, so this strategy also won't work.
the server actually needs to only receive access tokens, and request the
web server to refresh them as needed.

0 files changed, 0 insertions, 0 deletions