• Saik0@lemmy.saik0.com
    English · 30 upvotes, 1 downvote · 11 months ago

    While the login system works…

    It’s ripe for abuse though. DMs are federated traffic and are not cryptographically secured in any form. So in theory a bad actor instance admin could spawn unlimited accounts and log in… Or just sniff incoming requests from whatever instance this traffic is spawned from and obtain the login code.

    For something like this, probably fine… But I wouldn’t use it for anything else, nor would I trust any app that does use this system.

    • Shadow@lemmy.ca
      English · 9 upvotes, 1 downvote · edited · 11 months ago

      Their original system required you to enter your creds + OTP, so this is a huge improvement 🤣

      • Saik0@lemmy.saik0.com
        English · 1 upvote · 11 months ago

        That’s how I just logged in.

        Gave instance, username on instance, and received inbox message on my Lemmy instance. (Also sniffed the message 'cause I was curious, since I’m my instance admin.)

          • Saik0@lemmy.saik0.com
            English · 2 upvotes · 11 months ago

            I think they meant that too… But that’s not what was provided to log in.

            I would not give up my instance password to another person. The list I provided was what I specifically provided.

  • 👁️👄👁️@lemm.ee
    English · 8 upvotes · 11 months ago

    I’ve seen you on the Reddit alternatives sub, Voat, Ruqqus, and now here lmao. One day you’ll get a non-member OSRS account.

    • OsrsNeedsF2POP
      6 upvotes · 11 months ago

      What was your name on Ruqqus? That place was great, minus the rampant racism.

      The Ruqqus shutdown last year is what made me come to Lemmy full-time; it taught me a good lesson on why you need federation.

      • 👁️👄👁️@lemm.ee
        English · 6 upvotes · 11 months ago

        My username was randomly generated and was 47RX6h. I mostly went on there to argue with right wingers but really I was just wasting my time lol. I got banned from most of the communities on there.

        • OsrsNeedsF2POP
          3 upvotes · 11 months ago

          Oh wait, were you the one who started +OpenLeft?? I took over that community when you quit

      • 👁️👄👁️@lemm.ee
        English · 4 upvotes · 11 months ago

        This was like within the first few months of Voat during one of the Reddit exoduses. I was on it for like a week in some meditation communities. Then yeah it pretty quickly turned into Nazi shit. Ruqqus was also Nazi shit.

    • 🦊 OneRedFox 🦊@beehaw.org
      English · 1 upvote · 11 months ago

      It’s an open standard for granting clients access to APIs without needing to hand over things like your password each time.

  • Bappity@lemmy.world
    English · 5 upvotes, 2 downvotes · 11 months ago

    Do I understand this correctly: it requires you to log in to check your PMs for the code you need to log in?