Ah, thanks. Has that always been the case? The last time I looked at implementing app authentication through them was quite a while back and I didn't notice it then, but I wasn't actively looking.