undefined | Better HN

0 pointsthrowawaymobule2mo ago0 comments

Those are set by the site requesting the login though.

I believe what they are referring to is custom permissions set by the person logging in, regardless of what the app itself requested.

e.g. login, disable all writes, all attempted repo writes using that oauth token fail.

0 comments

3 comments · 1 top-level

verdverm2mo ago· 2 in thread

It sounds more like they are referring to the prior atproto transition:* scope that had no restrictions, which was horrible, re: every app needs a new account

Today, apps can limit the permissions they request during login. I don't see the dynamic, assuming they mean something where during approval you can deselect options, as a horrible situation. That's something very few apps do even outside of atproto.

jFriedensreich2mo ago

No I am talking about users not being able to change the app permissions. App developers are not the ones to set my permissions, they can reccomend what their apps could need but any platform not giving users final say cannot be taken seriously.

verdverm2mo ago

You must not use very many apps, or must have a ton of accounts. Plenty of apps taken seriously that don't have this dynamic feature. (speaking generally, not specific to atproto)

1 more reply

j / k navigate · click thread line to collapse