To OAuth to a Phacility instance, you currently need to confirm through two separate dialogs. This is correct in the general case, but we could introduce something like a "trusted" flag to OAuthServer that would just grant users permissions without prompting.
- The flag needs to be heavily locked down (probably CLI-only).
- I need to make sure we can really get rid of the second dialog safely because of redirect/fragment attacks. I //believe// we can.
- It would be nice to provide an IP whitelist for permitted clients. This would offer an additional barrier to an attacker escalating.
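
A sketch of the checks the list above implies, added here as an illustration and not Phabricator or Phacility code: the prompt is skipped only for a client flagged trusted whose requested redirect URI is exactly the registered one, and a caller address is checked against a per-client allowlist. The `OAuthClient` record, its field names, both function names, the HTTPS requirement and the fail-closed handling of an empty allowlist are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class OAuthClient:
    # Hypothetical record; field names are illustrative, not Phabricator's schema.
    client_id: str
    redirect_uri: str             # the single URI registered for this client
    trusted: bool = False         # assumed to be settable only from the CLI
    allowed_networks: tuple = ()  # CIDR strings, e.g. ("203.0.113.0/24",)


def may_skip_consent(client: OAuthClient, requested_redirect_uri: str) -> bool:
    """Return True only when a grant without a prompt can be considered."""
    if not client.trusted:
        return False
    registered = urlsplit(client.redirect_uri)
    # A silent grant sends the code wherever redirect_uri points, so the
    # registered target must be HTTPS and carry no fragment or userinfo.
    if registered.scheme != "https" or registered.fragment or "@" in registered.netloc:
        return False
    # Exact string comparison: no prefix, path or subdomain matching.
    return requested_redirect_uri == client.redirect_uri


def client_ip_permitted(client: OAuthClient, remote_addr: str) -> bool:
    """Check a caller address against the client's allowlist (fails closed)."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    for cidr in client.allowed_networks:
        if addr in ipaddress.ip_network(cidr, strict=False):
            return True
    # Empty allowlist or no match: deny (assumption made for this sketch).
    return False
```

Any request that fails `may_skip_consent` falls back to the normal prompt rather than being rejected, so the trusted flag can only remove a dialog, never widen where a grant is sent.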