Kinda broken.

[Semisol]

I think this is kinda very flawed.
First, you can do this:

1. Login to site A
2. Site A gets code from site B
3. User posts code
4. Site A now has control over the account on site B

[Semisol]

Also quick reminder that it will be dropped after 1-2 months of ScratchOAuth2's release.

[aetinx]

Also quick reminder that it will be dropped after 1-2 months of ScratchOAuth2's release.

What is ScratchOAuth2?

[Semisol]

Also quick reminder that it will be dropped after 1-2 months of ScratchOAuth2's release.

What is ScratchOAuth2?

New system without the flaws.

Images

We are working on how it works right now.

[Semisol]

It fixes a problem where:
Site A wants you to post a code to your profile, obtained from Site B
You do it, and site A is now logged in as you in site B

[Semisol]

Any fixes?

[micahlt]

I never really got the point of this issue - I'm confused by "Site A" and "Site B". Use Modchat for example and explain it again if you can.

[Semisol]

I never really got the point of this issue - I'm confused by "Site A" and "Site B". Use Modchat for example and explain it again if you can.

Like, the site you are trying to log in might show you the code from another site, then log into that site as you.
And denial of service by constantly spamming verify.