Currently, any (known) OAuth client can write events and achievements. I think we should remove that and only allow it over JWT
Currently, any (known) OAuth client can write events and achievements.
I think we should remove that and only allow it over JWT