by brujoand
2113 days ago
The one thing that really bugs me about the OAuth flow is what is described as step 3, when the application that wants to access data on your behalf is redirected to a login page where the user enters credentials and grants access. In many apps, these login redirects happen inside the app window, hiding the URL. And even if the URL isn’t hidden, there’s suddenly a browser window inside my app and many unconscious “security checks” fail to load. I’d much rather have the OAuth provider send me an email or get a notification that can be actioned within the OAuth provider’s app so that I know I’m not giving my credentials to something that looks like the OAuth provider’s sign-in page.