, now w/ oauth

now allows you to log in with Facebook, GitHub, Google+ and/or a Twitter account using OAuth. Naturally I require users with privileges to either not link any account and/or configure a second factor. It’s only valid for the click-and-pray web interface though, and that does not allow us to make any changes to source code…

Thou Shalt Not Use OAuth

TL;DR: Do not use OAuth to “Sign in with…” without a second factor. OAuth is the mechanism by which a third party (a “client” or “App”) can be delegated a level of authority on an account (the “first party”, most commonly you) with an OAuth provider (the “second party”). This usually includes allowing an app…