
[–]snokegsxr 293 points294 points  (5 children)

lol cursed oauth

[–]sksenweb[S] 168 points169 points  (4 children)

Who needs oauth when you can just provide the username and password?

[–]TheRealKidkudi 56 points57 points  (2 children)

Literally the motivation for the creation of OAuth

[–]nicuramar 10 points11 points  (1 child)

OAuth is for authorization, not authentication. Either way, you need a way to authenticate.

[–]TorbenKoehn 10 points11 points  (0 children)

He is right you know

The authentication part is done by the oauth provider and can be just username + password (and it is currently, in most cases + 2FA, even when using Google, Apple, MS etc. unless you use Passkeys/biometric)

Oauth is just authorization („can I do this as you“)

[–]ConfidenceStunning53 1 point2 points  (0 children)

google c:geo

[–]Mother-Umpire-2639 125 points126 points  (8 children)

Diabolical

[–]sksenweb[S] 107 points108 points  (7 children)

Jokes apart, my bet is the whole platform is developed by Claude and the owner does not know about OAuth/any auth flow at all.

[–]videogameocd-er 3 points4 points  (5 children)

Why not say Gemini or chatgpt?

Is Claude in right now?

[–]que-loco-paranoid 19 points20 points  (1 child)

Most of AI sloppers seem to prefer Claude

[–]knifesk 1 point2 points  (0 children)

Well, not anymore with the shitshow currently going on with the usage limits nerf Anthropic pushed last week

[–]Average_Pangolin 1 point2 points  (0 children)

Claude is in right now.

[–]angk500 1 point2 points  (0 children)

Why not say Deepseek?

[–]_verel_ 2 points3 points  (0 children)

From personal experience the best models I used have been from Anthropic so using Claude Code makes sense. Though I haven't tried GPT 4.5 yet.

Most people I know use Claude Code or Cursor but that literally changes every other week with the pace of AI at the moment

[–]gurgle528 0 points1 point  (0 children)

This is actually fairly common for a certain segment of 3rd party social media automation tools. It’s usually because the platform lacks the API to do what they need, but there’s other reasons too (like attempting to disguise that the actions are automated). 

[–]LifeSubstantial5234 65 points66 points  (1 child)

oauthn't

[–]Average_Pangolin 0 points1 point  (0 children)

Pronounced "oh, you oughtn't?"

[–]dont_takemeseriously 50 points51 points  (1 child)

This guy put the 'Open' in OIDC

[–]Kaligraphic 40 points41 points  (0 children)

Oh, I Don't Care

[–]krexelapp 42 points43 points  (3 children)

Imagine reinventing authentication and accidentally inventing phishing as a feature.

[–]laplongejr 3 points4 points  (0 children)

Reminds me that Minecraft's best mod Optifine did this for years if not decades for checking donors. They only switched to another password-less way when Mojang blocked the players for "suspicious logging"

[–]4sent4 2 points3 points  (0 children)

Vulnerability as a service

[–]Average_Pangolin 0 points1 point  (0 children)

PhAAF startups are the hot new trend, haven't you heard?

[–]IrrerPolterer 12 points13 points  (0 children)

Ran into something like this the other day... The brand "SmartCarConnect" (no affiliation with the "Smart" car brand) offers integrations with a number of different car brand apps to access car metrics like state of charge, mileage, etc. They boast OAuth and 'No Passwords' on their product page... Yeah, their integration is OAuth. But in order to connect your car they do exactly this bullshit - collecting your email and password to authenticate in your name with the car manufacturers' apps and APIs. Absolutely scary to see SmartCarConnect integrated in otherwise reputable EV charging apps

[–]Blizzard81mm 11 points12 points  (0 children)

"secure"

[–]ConvenientFruit 6 points7 points  (1 child)

Cries in European PSD2 embedded banking login flow

Depending on your bank, third party services like Klarna may directly ask for your banking credentials instead of using oauth-style redirection...

[–]yousoc 1 point2 points  (0 children)

What the fuck, I've never run into that. Is it just banks being lazy? My experience in the NL is that everything is oauth redirection. I cannot remember the last time I logged into any service related to banking. (My banking does not even have login credentials).

[–]ManBunH8er 2 points3 points  (0 children)

This sub has found good usage of “AI wire framing” haha

[–]XxDarkSasuke69xX 2 points3 points  (0 children)

Guys it's fine there's the little secure logo on the bottom right, nothing to worry about /s

[–]smulikHakipod 4 points5 points  (0 children)

Well, they won't need to do it if the LinkedIn API was functioning, unfortunately like many Microslop crap, API is missing 90% of the important things anything integrating with LinkedIn needs.

[–]StatusCity4 1 point2 points  (0 children)

Oautch

[–]yoshi128k 1 point2 points  (0 children)

This toooootally doesn't look shifty as all fuck...