
Do you realize you still have to trust that the developer implemented their side of OAuth correctly? It's not like Google is sending engineers to every implementor to verify that.



Well I don't give the app developer my password, and Google limits the information that they can get about my account on their end. What could a malicious or incompetent app developer do to my Google info?


You can lose the data you put into the service, obviously, if someone can get over the broken OAuth implementation.


What use does an app developer have for your password to their own service?



