do you mean OpenID? I guess oauth is OK for signups if the tokens were expiring.... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cblconfederate on Jan 15, 2021 \| parent \| context \| favorite \| on: Tell HN: Dropbox now requires access to contacts f... do you mean OpenID? I guess oauth is OK for signups if the tokens were expiring. But usually you naively give the credentials to a new startup, only to find out they abuse them months later.

dudul on Jan 15, 2021 [–]

Can you elaborate on that? How can they abuse it? Your oauth provider will show you which permissions the app is requesting when you grant them access. What kind of abuse have you seen?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact