oren's profile @oren

This is a problem. Jeffalo will have to provide the private keys if you want to implement oauth

jeffalo's profile @jeffalo

so for those of you making native wasteof clients, how does login work?

eg. how do you allow people to login via github/google?

Apr 7, 2022, 8:01 AM
16 1 4
Apr 7, 2022, 1:12 PM
1 0 1

comments

micahlt's profile @micahlt Apr 8, 2022, 1:50 PM

Do you mean the client secret? Yeah, you're right. I definitely wouldn't give someone else my client secret to an OAuth API. The more secure way would be to have some sort of page on wasteof.money that would allow you to authenticate with OAuth but then would open the mobile app and send the token with it.