| ▲ | sneak 2 hours ago |
| It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch. |
|
| ▲ | NewsaHackO 2 hours ago | parent [-] |
| No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady. |
| |
| ▲ | sneak an hour ago | parent [-] | | > No, the OAuth token is supposed to be used solely with the context of a first-party app only. The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API. | | |
| ▲ | NewsaHackO an hour ago | parent [-] | | >The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread? |
|
|
