YoAuth

Holy insecure demo batman<p><a href="https://yoauth.herokuapp.com/authorize?redirect_to=http%3A%2F%2Fyoauth.herokuapp.com%2Ftest.html&amp;username=&#x27;&gt;&lt;MARQUEE&gt;XSS&lt;/MARQUEE&gt;&lt;!--" rel="nofollow">https:&#x2F;&#x2F;yoauth.herokuapp.com&#x2F;authorize?redirect_to=http%3A%2...</a><p>And they want me to trust them with authentication?

Yo is useless and IMO anyone that has or will put money into it no longer has any credibility as an angel&#x2F;VC. Yoauth actually is comparatively useful, but unfortunately Yo does not and never will have the critical mass to make anyone want to implement it as an authentication scheme. Twitter is a distant second to Facebook in the authentication space, and Yo is no Twitter.

I&#x27;m really glad this saw the light of day. So many people were criticizing Yo for being &#x27;useless&#x27; and all that, instead of trying to think about what to create with it.

Error: Invalid username<p>I see this string in the URL on the demo page so I&#x27;m not sure what this does.

Is it easy to &quot;Yo&quot; back someone if they&#x27;re not in your contacts? On the android app I don&#x27;t see how to do that.<p>Also, the security of this seems questionable.<p>There are other, more interesting uses of the yo API: <a href="https://medium.com/@YoAppStatus/yo-developers-api-e7f2f0ec5c3c" rel="nofollow">https:&#x2F;&#x2F;medium.com&#x2F;@YoAppStatus&#x2F;yo-developers-api-e7f2f0ec5c...</a>

Why does the user need to receive a Yo? Wouldn&#x27;t it be better to ask users for their handle, and then tell them to Yo a specific account in 30 seconds? If it worked like that, yoauth couldn&#x27;t be used for spam, nor could you Yo someone you know in order to get their credentials if they replied.

The author of YoAuth (Bilawal) is one of the awesome student hackers helping to bring the hackathon movement to the UK. <a href="http://mlh.io/about/team#uk-team" rel="nofollow">http:&#x2F;&#x2F;mlh.io&#x2F;about&#x2F;team#uk-team</a>

Well, this certainly blows my yo-based Pomodoro Timer out of the water.

You can see a demo here! <a href="https://www.hackerbracket.com/hacks/show/53d448e3dfb586b54fab6c44" rel="nofollow">https:&#x2F;&#x2F;www.hackerbracket.com&#x2F;hacks&#x2F;show&#x2F;53d448e3dfb586b54fa...</a>

Even my non-developer friends think this is awesome.<p>Because it is.

Wow, I was also working on this exact thing... Even own www.yoauth.com and the &#x27;YOAUTH&#x27; username on yo....<p>Glad someone made it a reality!

What if you enter someone else&#x27;s Yo handle and the user naively Yo back, you will then access his account&#x2F;data&#x2F;whatever, I imagine.

So I can use your app to spam other people? Nice :)

What if the user doesn&#x27;t receive the Yo in time to authorize? Yo&#x27;s always seem to take a while to reach me.

I authenticated as authyo using two tabs. Super secure :)<p>It&#x27;s a fun hack. Nicely done.

&lt;3 so much creativity out there.

What is the point of this?

Plain http links? I suggest using TLS&#x2F;SSL for any authentication platform. I know it&#x27;s a quick hack, but you can quickly setup a secure proxy with Cloudflare.

F! I was working on the same thing! Nice work!