Please Do Not Ask For The User’s Scratch Username And Password #3
Assignees
Labels
Milestone
Comments
Fluffy728
added
bug
|
Right. I was thinking the scratch API would ensure the username exists, then generate a key (like an SSH key) for the pw.
|
|
I'll work on it now. The last thing we want is to scare away users, though the login is only stored locally. |
This comment has been minimized.
This comment has been minimized.
|
Got it. Also, I didn't realize Github didn't support PHP. I fixed it (so it just uses JavaScript), and I still think we're better off than before, but this is still something I have to make sure doesn't happen again... |
|
What about Scratch Auth? Do we need that? |
This comment has been minimized.
This comment has been minimized.
|
Great. I'm not sure Scratch Auth is possible due to API limitations, but as I mentioned, the user has to post their code on their profile. It can only be accessed via local storage, effectively getting rid of impersonation. |
|
It’s done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Please do not use their usernames and passwords for sign up, instead we could try to use the Scratch APi for comments, I could make an auth project and we could ask for the user’s username, ask them to comment a code (BUT MAKE IT DIFFRENT EVERYTIME), then when they press OK, it checks if and who commented the code. Then they get signed in with that user that was used to comment the generated code. Or you could use Scratch Auth.
Even if you don’t store it it could scare users off, the website could get deleted, and people can hack. It also says “sign in with scratch”.
The text was updated successfully, but these errors were encountered: