Open DianaNites opened 2 years ago
Uhh-- The security of this tool is really bad, and also I share tokens without much care for the origin user.
It would require quite some refactoring to make this work properly.
You can un-protect your account, run the graph, and protect it again.
What do you mean by share tokens? What security problems are there?
The way users are authenticated is by setting a `localStorage` with the `userId`. It is super easy to go in there, and just change the id.
And by sharing tokens, meaning that I may use User A's OAuth token to retrieve the list of User B's friend list. When the user logs in, it just goes into a giant pool of tokens to start downloading user profiles. I would have to single out the protected user account's token to download their friend lists, otherwise I would get an access denied error from Twitter.
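The two issues described in the comment above, shown with one possible fix as an added example (not code from this tool or from anyone in the thread). It assumes a Python server side; `issue_session`, `verify_session`, `TokenStore` and all ids and tokens are hypothetical, constructed names and values.

```python
import hashlib
import hmac
import secrets

# Server-side secret; never sent to the browser (assumption: one key per deployment).
SESSION_KEY = secrets.token_bytes(32)


def _tag(user_id: str) -> str:
    return hmac.new(SESSION_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_session(user_id: str) -> str:
    """Value the server sets after OAuth login, instead of a bare userId."""
    return f"{user_id}.{_tag(user_id)}"


def verify_session(value: str):
    """Return the authenticated user id, or None if the client altered it."""
    user_id, sep, tag = value.rpartition(".")
    if not sep or not user_id:
        return None
    # Constant-time comparison on bytes, so odd client input cannot raise.
    if hmac.compare_digest(tag.encode(), _tag(user_id).encode()):
        return user_id
    return None


class TokenStore:
    """OAuth tokens keyed by owner, replacing one shared pool."""

    def __init__(self):
        self._tokens = {}  # user_id -> OAuth token

    def add(self, user_id: str, token: str) -> None:
        self._tokens[user_id] = token

    def token_for(self, session_user: str, target_user: str,
                  target_protected: bool) -> str:
        """Pick the token used to download target_user's friend list."""
        if session_user not in self._tokens:
            raise PermissionError("no token on file for this session")
        # A protected account is readable only with its owner's token,
        # so only the owner's own session may request that graph.
        if target_protected and session_user != target_user:
            raise PermissionError("protected account: owner session required")
        # Always the requester's own token, never another user's.
        return self._tokens[session_user]
```

With this layout a protected user requesting their own graph gets their own token selected, and a client that edits the stored id fails verification.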
I wanted a graph but my account is protected, so even though I give permission to it, I can't get a graph?