Moneypot is more secure than we think.
You can't steal a user token and use it from another IP (other than the user's IP).
They have a really good feature like IP BLOCK.
Good news.

That may be true for client-side apps, but if the app is using the confidential authentication flow (server-side) then it is consuming the token from their own IP anyways.