Comment by sneak
10 hours ago
It's their OAuth token, it's not being stolen. It's just being copied from one place on their computer to another. This is no different than a competing browser importing your localStorage and cookies from Chrome on first launch.
No, the OAuth token is supposed to be used solely with the context of a first-party app only. Clearly, if you need to extract the key by reverse engineering or set up a proxy to spoof requests to a service, you're doing something shady.
> No, the OAuth token is supposed to be used solely with the context of a first-party app only.
The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API.
By this logic video game companies shouldn't be allowed to ban cheaters.
>The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept.
I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread?