IgorTimofeev / MineOS

Home of MineOS and its software for OpenComputers mod

(SECURITY) Your client's secret token for VK is visible! #516

Closed sasdallas closed 1 year ago

sasdallas commented 1 year ago

Hello, @IgorTimofeev.

I was fooling around on OpenComputers with MineOS (very good job btw, love the OS), and discovered your VK secret is visible. If you open the VK app and type in random garbage into email and password, it returns an HTTP response code 401, then prints the URL.

Problem is: the URL contains your client_secret and client_id as parameters. Maybe parse an HTTP response code 401 as a failure to login for VK?

Attached image: [screenshot of the VK app login error; image not reproduced here]

CoolCat467 commented 1 year ago

Well yes, this is how you are able to log in to VK. This is following everything that the official VK documentation says to. According to people on StackOverflow here, everything in the URL is encrypted. The only thing anyone watching the network can see is the domain name you are attempting to connect to, which in this case is oauth.vk.com.

Basically, there is nothing security wise out of the ordinary here and this is not an issue.

IgorTimofeev commented 1 year ago

> your VK secret is visible

It's not mine, it was taken by decompiling the official Android app, so.. :p

> Maybe parse an HTTP response code 401 as a failure to login for VK?

Ok, one moment, I'll remove the URL display from the login UI
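The fix the thread converges on has two parts: treat a 401 from the token endpoint as a plain login failure, and never let the raw request URL reach the UI or a log, because TLS only hides the query string in transit, not on the client's own screen. The example below is added here to illustrate that pattern; it is not MineOS code (the actual app is Lua) and is written in Python for readability. The parameter list, the `redact_url` and `describe_login_result` names and the sample URL are all constructed for this example; only `client_secret` and `client_id` come from the issue. `client_id` is left visible because it is an identifier, not a secret.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameters whose values must never be shown or logged (constructed list
# for this example; client_secret is the one the issue is about).
SENSITIVE_PARAMS = {"client_secret", "access_token", "password"}

# Constructed sample of a password-grant token request, NOT a real secret.
SAMPLE_URL = (
    "https://oauth.vk.com/token?grant_type=password&client_id=123"
    "&client_secret=EXAMPLESECRET&username=user%40example.com&password=hunter2"
)


def redact_url(url: str) -> str:
    """Return the URL with the values of sensitive query parameters masked.

    Non-sensitive parameters (grant_type, client_id, username) are kept so the
    message stays useful for debugging.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def describe_login_result(status: int, url: str) -> tuple[bool, str]:
    """Map an HTTP status from the token endpoint to (success, user message).

    401 is an authentication failure and gets a fixed message with no URL at
    all; any other unexpected status includes only the redacted URL.
    """
    if status == 200:
        return True, "Logged in"
    if status == 401:
        return False, "Invalid email or password"
    return False, f"VK returned HTTP {status} for {redact_url(url)}"


if __name__ == "__main__":
    print(redact_url(SAMPLE_URL))
    for code in (200, 401, 500):
        print(code, describe_login_result(code, SAMPLE_URL))
```

The same redaction should be applied wherever the URL is written out, not just in the 401 branch, since a 500 or a network error would otherwise leak the same string.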