top | item 47197930

(no title)

sneak | 1 day ago

It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.

discuss

NewsaHackO|1 day ago

No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.

DangitBobby|12 hours ago

That's not what stealing is.

sneak|1 day ago

> No, the OAuth token is supposed to be used solely with the context of a first-party app only.

The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API.