Oh, one more thing about Sign-in with Mastodon

I plan to update the code to revoke the oauth token immediately after logging in so it can't be used by admins to access your account.

The whole web works on trust, but I figure its worth mentioning that when you use Sign-in with Mastodon, the Pixelfed server you're doing this on will have a copy of your Mastodon token. If you don't trust this, then hold off until I ship this!

Everything will be publicly auditable as it's open source ✨

4
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
Replies