I am trying to understand how OAuth really works. So far I understood the workflow of the authentication process, but I don't get why it is that safe to use a third party OAuth provider. I mean they have our credentials and can do anything with them. Can't they just authorize other apps without letting us know?
Asked
Active
Viewed 138 times
0
-
2I think this question is pretty a duplicate. The answer is that you want to trust these big companies because they have a lot to lose – usr-local-ΕΨΗΕΛΩΝ Jul 25 '18 at 20:11
1 Answers
1
Why trust a certificate authority? Why trust the developers of the apps you use? Why trust your OS manufacturer? Why trust your hardware manufacturer?
Each one may or may not be worthy of your trust, but at some point, you have to trust something. A company whose entire business model is being trusted seems like as good a choice as any.
Mike Ounsworth
- 57,707
- 21
- 150
- 207