this post was submitted on 06 Aug 2023
1191 points (98.9% liked)

Announcements

23287 readers
2 users here now

Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

You can also find major news on join-lemmy.org

founded 5 years ago
MODERATORS
 

This is an opportunity for any users, server admins, or interested third parties to ask anything they'd like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.

Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.

Original Announcement thread

you are viewing a single comment's thread
view the rest of the comments
[–] plasticmonkey@lemm.ee 2 points 1 year ago (6 children)

How come I can natively log into my Lemmy apps on iPhone / iOS, but with every single Mastodon app, it opens a Safari window to try log in?

(Reason: I blocked the browser, and just want to use the apps I specifically chose as daily drivers, still testing out Lemmy + Mastodon apps.)

[–] TheSaneWriter@lemmy.thesanewriter.com 10 points 1 year ago (5 children)

That's called OAuth2, it's a security feature. By logging into the official UI and that UI returning a login token, potentially malicious mobile apps are prevented from stealing your login credentials. For Lemmy the majority if not all of the current mobile clients are safe, but if a malicious one sprouts up it could use native login to steal your credentials and store them on a malicious server.

[–] plasticmonkey@lemm.ee 5 points 1 year ago (4 children)

Thanks so much for explaining. But why is it that Mastodon has that 0auth on every app, and Lemmy doesn't? They both apps from the fediverse, just strange for them to be acting so differently.

[–] mrlavallee@lemmy.world 10 points 1 year ago (1 children)

Even though they are both fediverse they still are quite different and one of the important differences is that lemmy does not support oauth so apps don’t have that option, as for why all mastodon apps use it: it’s because of the security benefits to the user and (as a lemmy app developer) implementing auth is hard lol

[–] plasticmonkey@lemm.ee 2 points 1 year ago

Oh okay, so does that mean that Lemmy is less secure and more prone to outsiders stealing login info, than with Mastodon? I ask as 0auth seems to be quite important based on some of the comments.

load more comments (2 replies)
load more comments (2 replies)
load more comments (2 replies)