micahlt
[Idea] Scratch Authenticator
Is your feature request related to a problem? Please describe. Sometimes you can't post comment codes or you want a simpler way to authenticate. That's why I made Scratch Authenticator, which combines 3 different Scratch verification methods (comment codes, cloud variables, and user/pass) that are similar to the OAuth2 standard.
Describe the solution you'd like Rather than using an in-house verification method, you can redirect users to auth.sverify.cf (obviously with the client ID) to authenticate there. Then, users will be redirected back with a code that you can exchange for their username on our servers.
Describe alternatives you've considered You could implement this inside Modchat, but I have gone through the trouble of building it and I think it could save you time. (If you don't trust how I handle passwords (and thats only if people use that method) or other user data, I can invite you to the repl.)
Additional context Related to #66 EDIT: It is even better than SOA2, see #62
I really appreciate your enthusiasm! However, I've got a few comments.
First of all, ScratchOAuth2 was a name already in use by @Semisol before you made this. So... not gonna lie, it doesn't look good to name your (extremely similar) service the exact same thing.
Second, regarding trust with passwords: @Semisol's SOA2 is most likely going to be hosted on the same servers as the Scratch Wiki, which provides a lot more trust than some Repl that could change at any point to console.log a user's password. Not saying I don't trust you - just saying that it's better to have it be more official.
Finally, the UI could use a few tweaks. For an OAuth-like service, the interface really needs to be nice and minimal as to not get in the way of the user's experience with the primary site. Your SOA2's site is a little bit busy and distracting, especially the colorful hexagonal background and the large amount of text that's instantly visible. At the very least, I'd recommend hiding all of the "about" text in a <details> element.
I really appreciate your enthusiasm! However, I've got a few comments.
First of all, ScratchOAuth2 was a name already in use by @Semisol before you made this. So... not gonna lie, it doesn't look good to name your (extremely similar) service the exact same thing.
Second, regarding trust with passwords: @Semisol's SOA2 is most likely going to be hosted on the same servers as the Scratch Wiki, which provides a lot more trust than some Repl that could change at any point to
console.loga user's password. Not saying I don't trust you - just saying that it's better to have it be more official.Finally, the UI could use a few tweaks. For an OAuth-like service, the interface really needs to be nice and minimal as to not get in the way of the user's experience with the primary site. Your SOA2's site is a little bit busy and distracting, especially the colorful hexagonal background and the large amount of text that's instantly visible. At the very least, I'd recommend hiding all of the "about" text in a <details> element.
Point 1: I agree with that. The release was postponed a lot due to some bug in the code that was forgotten Point 2: I do not recommend anyone ask for someone's password. That makes it look suspicious as hell. Point 3: It really needs some changes.
And I do not plan on asking for passwords, ever. And also, if you are banned, you can still use SOA2 for 1 year after the login (session expiry, if you did not clear your cookies) so that should be more than enough to allow modifying your accounts.
@Semisol:
Point 2: I do not recommend anyone ask for someone's password. That makes it look suspicious
Well, yes, but at some points that's necessary. Such as in the Itchy mobile app we have password login to enable reading messages in the app.
Point 3: It really needs some changes.
Doesn't your SOA2 use GitHub's Primer design system? The screenshot/concept (not sure which) that you showed me looked snazzy as heck!
Well, yes, but at some points that's necessary. Such as in the Itchy mobile app we have password login to enable reading messages in the app.
Like, only for authentication that is not needed.
Doesn't your SOA2 use GitHub's Primer design system? The screenshot/concept (not sure which) that you showed me looked snazzy as heck!
It did, We moved to MW tho for simplicty. The MW page kind of is bland atm (We want the product don first)
I am planning on the future to do some CSS, but that is not the main goal right now.
I really appreciate your enthusiasm! However, I've got a few comments.
First of all, ScratchOAuth2 was a name already in use by @Semisol before you made this. So... not gonna lie, it doesn't look good to name your (extremely similar) service the exact same thing.
Second, regarding trust with passwords: @Semisol's SOA2 is most likely going to be hosted on the same servers as the Scratch Wiki, which provides a lot more trust than some Repl that could change at any point to
console.loga user's password. Not saying I don't trust you - just saying that it's better to have it be more official.Finally, the UI could use a few tweaks. For an OAuth-like service, the interface really needs to be nice and minimal as to not get in the way of the user's experience with the primary site. Your SOA2's site is a little bit busy and distracting, especially the colorful hexagonal background and the large amount of text that's instantly visible. At the very least, I'd recommend hiding all of the "about" text in a
element.
- I first developed this with no idea that @Semisol had made the same thing 😂 and when I DMed them to show it apparently they had been working on something very similar!
- I can't stress this enough, and if you'd like I can hide the UI for the password and only keep it for people who really need it. The whole point of the password system is not for everyone to enter their Scratch password to access ModChat. It is supposed to be an alternative option if you can't post a comment or run a project because you are banned. If you're banned, your account still exists and you can still log in to see the "you are banned" page. I will make the repl public and invite you as a multiplayer if you would like.
- Yes, I agree, the UI definitely needs some updating, and I'm working on it.
Also, could you show me how it is better than SOA2? Lol I will make it a priority to fix the naming issue, but this is (in my opinion) better than your SOA2 because it offers multiple login methods, will be open source, and allows users that are banned from Scratch to log in (passing a "Banned" flag with it, to warn ModChat).
And ofc, I'm open to ideas. Just let me know and I'll add them in.
And if we do end up using @Semisol's SOA2, I'd at least like to help with that. I'm a little upset that SOA2 is closed source and not open for contributors. :/
And if we do end up using @Semisol's SOA2, I'd at least like to help with that. I'm a little upset that SOA2 is closed source and not open for contributors. :/
Well it is private until release. If you had that concern just tell me it...
EDIT: It is even better than SOA2, see #62
Also anything backing this up? But the UI looks good.
EDIT: It is even better than SOA2, see #62
Also anything backing this up? But the UI looks good.
Cloud and passwords
EDIT: It is even better than SOA2, see #62
Also anything backing this up? But the UI looks good.
Cloud and passwords
Passwords, stop using it as an excuse. It is a feature 99.9% of people would not use, it seems sketchy, no one would need to log in when banned, and how can you be trusted when you can literally log the password? Also, cloud makes me feel sorta weird about authentication bugs, and don't projects load slower than comments? And what is the point? (Only muted, but like, why would you be muted?) If needed, which it won't, it will be added.
EDIT: It is even better than SOA2, see #62
Also anything backing this up? But the UI looks good.
Cloud and passwords
Passwords, stop using it as an excuse. It is a feature 99.9% of people would not use, it seems sketchy, no one would need to log in when banned, and how can you be trusted when you can literally log the password? Also, cloud makes me feel sorta weird about authentication bugs, and don't projects load slower than comments? And what is the point? (Only muted, but like, why would you be muted?) If needed, which it won't, it will be added.
It depends. A small project can be loaded quickly. Also works if you're muted. And the password feature is going to be hidden from the UI, so that it doesn't look sketchy, bot provides a way to log in for banned users.
If you don't trust me, don't enter your password. It's that simple.
99% of people who need it won't so what is the point?
Also, are we arguing over literally having cloud and not having cloud?