radi8's profile @radi8

the wasteofplus API (soon to be in use) is now public!

https://github.com/wasteofplus/api

Oct 20, 2023, 7:31 PM
9 0 4

comments (single view)

jeffalo's profile @jeffalo Oct 21, 2023, 8:28 AM

third party backend services should not get access to wasteof user passwords/tokens. not sure if thats whats going on with wasteofplus, but it kinda looks like it.. wasteof.mobile is client side only, which is why it asking for username and password is acceptable, but no third party serverside component should ever have access to a user’s wasteof token or password.

radi8's profile @radi8 Oct 21, 2023, 12:20 PM

if it makes you feel any better, apache/uvicorn logs are cleared every few hours & we don’t store tokens. if you can think of a better way that I can implement this I would be happy to do so.

asfsdgdfd's profile @asfsdgdfd Oct 21, 2023, 2:23 PM

atm, wasteofplus doesn't use this api btw

asfsdgdfd's profile @asfsdgdfd Oct 21, 2023, 2:24 PM

the emoji reactions addon (which was going to use the api) could instead just post standalone emoji replies i guess?

View all comments