Michiel de Jong

Is this still incomplete?

@gklyne is still seeing this issue

I ran that and pushed it to the `openapi3` branch. Does https://cs3org.github.io/OCM-API/docs.html?branch=openapi3&repo=OCM-API&user=cs3org#/paths/~1invite-accepted/post look OK? If so we can switch to it!

I ran the script on latest `develop` and force-pushed. How can we test if it is OK?

Ah, https://cs3org.github.io/OCM-API/docs.html?branch=openapi-3&repo=OCM-API&user=cs3org looks OK I think?

Also https://openid.net/specs/openid-financial-api-ciba.html > The push mode is not permitted by this specification as it delivers tokens to the client by calling an endpoint owned by the client. This substantially differs...

This study culminated in https://github.com/cs3org/OCM-API/pull/98#issuecomment-2325971606

> in case the requestor is a trusted EFSS, the response SHOULD contain the requestor's domain in the trusted-domains list. Hm, but until now we have always done requests to...

So I would suggest federation types: * open * signed * blacklist * whitelist * invite * signed,blacklist * signed,whitelist * signed,invite * signed,blackist,invite * signed,whitelist,invite (this is the federation...

Hm, good idea but feels a bit out of scope, and feels like it should be a mechanism that works both for OCM and for Toots and other social notifications...