this post was submitted on 10 Aug 2023
108 points (95.0% liked)
Open Source
31385 readers
173 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why do you ask for the user password rather than using oauth to access the user account? This looks highly suspicious, websites should never do that.
Because Lemmy doesn't support OAuth and this is actually the only way to do it. Hopefully only temporarily. Edit: The thing's open source, you can check that I don't do anything with the password, I only use it once to login to the api and get the token, pretty much the same as I would do with OAuth.
My bad indeed, I thought Lemmy supported OAuth but I was confused with Mastodon. Hopefully someone contributes a OAuth/OIDC solution soon.
They didn't. They sent you a code and if the code matched, they assumed it's you. I need the user's JWT token to post as them. And that's currently impossible without password.
Ahh good point, forgot you would need their token. Yeah there's no way to do this securely then :(
Alternative Lemmy frontends do that, if your server hosts this tool, isn't it similar?
Of course. I was referring to the non-self-hosted solution.