Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.
So I’m thinking back to the times I’ve used it. I want to say I assume they have a way to track where this is being used based on referrer, but I don’t remember clearly enough. I don’t think a given token has to be tied to any URL. You just get a token and validate it with a service.
But people who use it on a daily basis could probably answer more definitively. I’ve just used it a couple of times and didn’t bother retaining it because it’s easy to figure out when you need it.
You don’t need to be vetted to use OAUTH. And you shouldn’t need to be. It would kill OAUTH completely.
Won’t this make it super easy to track down whoever’s using this?
Yeah. You have to make a developer account to make an API token in order to setup any of those oauth options.
Granted, you could just put in random bullshit in the developer accounts, but generally I’d bet google would still know who the person involved is.
So I’m thinking back to the times I’ve used it. I want to say I assume they have a way to track where this is being used based on referrer, but I don’t remember clearly enough. I don’t think a given token has to be tied to any URL. You just get a token and validate it with a service.
But people who use it on a daily basis could probably answer more definitively. I’ve just used it a couple of times and didn’t bother retaining it because it’s easy to figure out when you need it.