|
|
|
|
|
|
by daveguy
3821 days ago
|
|
|
If you are already logged in with google/github/etc you shouldn't need to re-enter your password, just give approval. The authentication and association would be handled in the background. If you have to enter a password when you are already logged in then it is a huge red flag and you should probably run. EDIT: Done correctly, "Log in with ..." should NEVER need your password for the site it will use separate authentication tokens to associate with your account. It may try to redirect you if you're not logged in, just make sure you log in by directly accessing the primary auth site first. |
|
|
In an ideal world auth flows would always open in my system browser that I can trust. On both mobile and desktop.
(Well, technically I already installed a proprietary .deb and am running the process as my user, so game over.)