[icedchai]

How is this not true of any other centralized authentication system?

[underyx]

I don't know, this is why I'm asking. I don't know if the issue even really exists or if there are workarounds.

But OAuth tokens for instance are bound to services, aren't they? If I'm correct, that would make that sort of centralized auth resilient to apps leaking credentials.

[icedchai]

There could be a bug in the OAuth server, where tokens are issued. Credentials could be logged there.