by leejo
3782 days ago
> This is a category of dark patterns: have the user click on something that has been benign the last 20 times they've seen something similar, but this time isn't. This is the nature of OAuth, in which the scopes can be different for many different clients. Not that this makes it any better, you just need to be aware of it. Slideshare do the same thing when you click download - if you verify using LinkedIn they want access to everything on your LinkedIn profile just so you can download the slides. Ridiculous (even if they're essentially the same company). Changing your password here is no good, you need to go to LinkedIn and then your account settings, then third party apps and delete whatever it was you allowed to connect. Despite all the failings of OAuth that's one of the good features about it, you can actually control the access. Tip: if you're logging in using OAuth (generally when you get redirected to another site to confirm) always check the requested scopes and always remove all the scopes but those essential to the functioning of the calling app/site, which is usually just access to your e-mail address. If you can't disallow certain scopes then try logging in using something else, GitHub, Facebook, whatever, and rinse and repeat. If you're still not happy then just sign up with a throw-away email.