i’m not sure if there’s been an intentional change lately to the system related to authorization flows, but it seems like something has changed.
i have a couple of single-page web applications that i made back in the day that utilize the PCKE authorization flow:
- just displays the logged-in iNat user id as a proof-of-concept for the PCKE flow: https://jumear.github.io/stirfry/iNat_PKCE_flow_example.html
- displays activity related to comments and identifications on observations: https://jumear.github.io/stirfry/iNat_observations_updates.html
it used to be that once i had initially authorized these apps for use with my account, i would be able to use the apps without going through the iNat authorization screen again in the future (unless i revoked the authorization in my account settings).
but now, i’m having to reconfirm on the iNat authorization screen every time i use the apps. i’m not sure when the problem began since i don’t use these apps often, but i think it must have been a recent change (in the last few months).
here’s a screenshot that shows that i’ve already authorized these apps (the dates reflect today because i had to reconfirm earlier):
i’m going to use my first app (https://jumear.github.io/stirfry/iNat_PKCE_flow_example.html), and when i click on the link on that page to trigger the connection to iNat, i get redirected to the iNat authorization page:
if i Authorize, i get directed back to my app, and it displays my iNat user ID.
but then if i close the page, reopen it, and then click the link that should trigger my iNat user ID to be retrieved and displayed, i get redirected again to the above iNat authorization screen.
is this the new normal? did something change that i need to account for in the applications now so that i don’t have to always go through the iNat authorization screen?