
Ideally, you have a flow where you ask the user to input their password to confirm ownership, then merge. Otherwise, you're allowing the OAuth provider to back-door into established accounts.


Good call. I had not considered the OAuth provider acting nefariously.
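
The confirm-then-merge flow recommended in the first comment, as an added example that is not part of the original thread. The `Accounts` class, its method names, and the status strings are hypothetical; the provider's `(provider, subject)` pair and email are assumed to come from an already validated OAuth response.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    identities: set = field(default_factory=set)  # linked (provider, subject) pairs


class Accounts:
    """In-memory stand-in for a user store (hypothetical)."""

    def __init__(self):
        self.by_email = {}
        self.by_identity = {}

    def register(self, email: str, password: str) -> Account:
        salt = os.urandom(16)
        acct = Account(email.lower(), salt, _hash(password, salt))
        self.by_email[acct.email] = acct
        return acct

    def oauth_login(self, provider, subject, email, password=None):
        """Return (status, account). A matching email alone never links an identity."""
        key = (provider, subject)
        if key in self.by_identity:  # identity was linked earlier: normal sign-in
            return "logged_in", self.by_identity[key]
        acct = self.by_email.get(email.lower())
        if acct is None:  # no established account: sign-up is out of scope here
            return "no_account", None
        if password is None:  # established account: ask the user to prove ownership
            return "password_required", None
        if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            return "bad_password", None
        acct.identities.add(key)  # ownership confirmed, so the merge is allowed
        self.by_identity[key] = acct
        return "merged", acct
```

The provider-asserted email only selects which account to challenge; the link is written solely after the local password check passes.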



