Bearer token is a shared secret — anyone with it can query any DID's inbox. This defeats DID-scoped auth entirely. Remove bearer token as an auth method. DID-scoped Ed25519 is the only auth path. Config field auth_token removed. BearerToken extension removed from router.
Bearer token is a shared secret — anyone with it can query any DID's inbox. This defeats DID-scoped auth entirely. Remove bearer token as an auth method. DID-scoped Ed25519 is the only auth path. Config field auth_token removed. BearerToken extension removed from router.