Closed TerryMooreII closed 2 years ago
🤷🏼♂️ That is the url they setup for auth, not me. You can check the ownership of the url in a whois lookup. https://www.whois.com/whois/ibmcloud.com It is for sure not owned by me. Looks like it is owned by IBM. You can trust them or not. I don’t use this anymore because I no longer have a Ford vehicle.
On Dec 14, 2021, at 3:03 PM, Terry Moore @.***> wrote:
I would trust this a lot more if I knew the auth url was a ford.com address and not potentially your ibmcloud.com function stealing and proxying my creds :)
You can view, comment on, or merge this pull request online at:
https://github.com/d4v3y0rk/ffpass-module/pull/10
Commit Summary
55e367f Update to use ford.com address for authentication File Changes (1 file) M index.js (4) Patch Links:
https://github.com/d4v3y0rk/ffpass-module/pull/10.patch https://github.com/d4v3y0rk/ffpass-module/pull/10.diff — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.
I would trust this a lot more if I knew the auth url was a ford.com address and not potentially your ibmcloud.com function stealing and proxying my creds :)
I no longer have any way to test this. Would you like to take over ownership?
I would trust this a lot more if I knew the auth url was a ford.com address and not potentially your ibmcloud.com function stealing and proxying my creds :)
Is IBMCloud like AWS or GCP? Does it host user stuff?
Yes ibmcloud.com is the same as AWS/GCP. Therefore, as a was jokingly referring to, you could have hosted a service on ibmcloud, stole our ford creds and then forwarded that request off to ford and returning the access token via this module with no one the wiser But like I said, it was a joke. I dont really want to take over this module as I dont actually use it. I found this via a link in another project that is using the same ford api endpoints as you and figured I would fix it upstream before notifying that project. I did test this new URL via postman and it returns the same json object as the current ibmcloud url.
btw, this was great work sniffing the app traffic to get this info. Much appreciated!
I would trust this a lot more if I knew the auth url was a ford.com address and not potentially your ibmcloud.com function stealing and proxying my creds :)