Just clarifying - this isn't how it works. Usernames and passwords may pass through my servers, but they are not logged or stored. When a token is received from Scratch or wasteof, that token is transmitted back to the user's device where it is then stored.
@micahlt I just realized you have both my scratch and wasteof password from itchy and wasteof mobile both of which I use via a emulator on pc
there has to be a better way to do this — why are the credentials passing through your server? can the device not make requests directly?
With wasteof.mobile, yes, it goes directly to your servers. However, due to Scratch being weird and some technical limitations of Ionic (which powers the app), Itchy has to use an actual Node server to make the request, not just an HTTP plugin.