alt Hacker NewsIt's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.
It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.
No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.