undefined | Better HN

0 pointsascorbic9mo ago0 comments

The evil site usually says something like "enter the code from our identity partner x" or something, which is a lot more believable when it's a service like Microsoft that does provide services like that.

0 comments

gethly9mo ago

That is not how oAuth works.

ascorbicOP9mo ago

That's the point: this isn't OAuth. It's just a way to phish the code.

gethly9mo ago

If it is not oAuth, where does Microsoft come from then?

j / k navigate · click thread line to collapse

0 comments

gethly9mo ago

That is not how oAuth works.

ascorbicOP9mo ago

That's the point: this isn't OAuth. It's just a way to phish the code.

gethly9mo ago

If it is not oAuth, where does Microsoft come from then?

j / k navigate · click thread line to collapse