YoAuth

MasterScrat 11 years ago |

Holy insecure demo batman

https://yoauth.herokuapp.com/authorize?redirect_to=http%3A%2...

And they want me to trust them with authentication?

mrThe 11 years ago | |

https://yoauth.herokuapp.com/authorize?redirect_to=http://yo... and here too

bilawal 11 years ago | |

The 2 hour product was doomed, but I've rewritten it enough to be secure.

downandout 11 years ago |

Yo is useless and IMO anyone that has or will put money into it no longer has any credibility as an angel/VC. Yoauth actually is comparatively useful, but unfortunately Yo does not and never will have the critical mass to make anyone want to implement it as an authentication scheme. Twitter is a distant second to Facebook in the authentication space, and Yo is no Twitter.

btown 11 years ago | |

To be fair, we don't know what goes on behind the scenes. Yo has simply proven that its creators are audacious enough, and good enough at marketing, to make something go viral. Perhaps they have other ideas, other business plans that are currently in stealth, and they're getting funding for them under the Yo umbrella. These are smart people investing in them, and Occam's Razor would seem to indicate that it's highly unlikely that the investors all got collective amnesia from head injuries and changed their vetting/due diligence strategies overnight.

downandout 11 years ago | | |

The recurring excuse for the investment is "look at the engagement". Toilets have incredible engagement as well - billions of people use them multiple times per day - but we don't put millions of investment dollars into them. Well, maybe the people investing in Yo do, but most people don't.

chasing 11 years ago | | |

The toilet is probably a bad comparison. Smart people are putting millions of dollars into improving them.

http://www.gatesfoundation.org/media-center/press-releases/2...

argonaut 11 years ago | | |

Yes, and if you showed me impressive engagement and virality metrics for a toilet that had network effects and a plausible recurring revenue stream (ads), then I would definitely invest (of course no such toilet product exists - toilets don't have strong network effects and don't have a plausible recurring revenue stream in the form of ads).

btown 11 years ago | | |

> virality metrics for a toilet

Toilets: the only technology sector where there's a direct correlation between "input sanitization" and "virality metrics..."

Dru89 11 years ago | |

Don't get me wrong, the app is fairly ridiculous. Projects like this though help show what even the simplest of concepts can provide, though.

To be fair, I'm not sure how secure YoAuth would be, but this particular hack seems like an awesome use of it. It's simple to use and could compete alongside something like Google Authenticator as a simple way to log in to something.

nashequilibrium 11 years ago | |

I just a headline today that the company behind yo released a new photo messaging app: http://thenextweb.com/apps/2014/07/28/makers-yo-back-new-mes...

underyx 11 years ago |

I'm really glad this saw the light of day. So many people were criticizing Yo for being 'useless' and all that, instead of trying to think about what to create with it.

angilly 11 years ago | |

Much easier to berate than create.

sergiotapia 11 years ago |

Error: Invalid username

I see this string in the URL on the demo page so I'm not sure what this does.

Paul_Dessert 11 years ago | |

Same here. I'm having a hard time understanding why I should use this. What's the benefit?

freerobby 11 years ago | |

You need to use your Yo username.

McGlockenshire 11 years ago | | |

Where is that explained anywhere in the user interface? Or perhaps in the title of the page? Or maybe the link title here?

dergachev 11 years ago |

Is it easy to "Yo" back someone if they're not in your contacts? On the android app I don't see how to do that.

Also, the security of this seems questionable.

There are other, more interesting uses of the yo API: https://medium.com/@YoAppStatus/yo-developers-api-e7f2f0ec5c...

nostromo 11 years ago | |

The security is way beyond questionable.

Seriously, don't use this. (Alice tries to log in to Bob's account. Bob receives a yo. Bob yos back to be nice without knowing this is an oauth scheme. Alice now has access to Bob's account.)

But that's not to critique these guys, because I think this is a fantastic hackathon project!

yefim 11 years ago | |

As soon as AUTHYO yo-s you, it's popped to the top of your Yo friend list. So it's very quick to yo back.

rdvrk 11 years ago |

Why does the user need to receive a Yo? Wouldn't it be better to ask users for their handle, and then tell them to Yo a specific account in 30 seconds? If it worked like that, yoauth couldn't be used for spam, nor could you Yo someone you know in order to get their credentials if they replied.

dustincoates 11 years ago | |

A friend and I built a similar service (also at the Yo hackathon) and what you mention is similar to the way we handled it. I don't think it's been publicly announced, but Yo can now receive links on iOS.

The service we built (http://yosesame.com) works by having you Yo YOSESAME, which signs you up if you aren't already and responds with a URL that logs you in right way. The way Yoauth approached it is interesting, but you're right it's a bit strange to have to receive a Yo.

theyCallMeSwift 11 years ago |

The author of YoAuth (Bilawal) is one of the awesome student hackers helping to bring the hackathon movement to the UK. http://mlh.io/about/team#uk-team

thebrettd 11 years ago |

Well, this certainly blows my yo-based Pomodoro Timer out of the water.

reddog9287 11 years ago |

You can see a demo here! https://www.hackerbracket.com/hacks/show/53d448e3dfb586b54fa...

fndrplayer13 11 years ago |

Even my non-developer friends think this is awesome.

Because it is.

dsyko 11 years ago |

Wow, I was also working on this exact thing... Even own www.yoauth.com and the 'YOAUTH' username on yo....

Glad someone made it a reality!

geoffreyy 11 years ago |

What if you enter someone else's Yo handle and the user naively Yo back, you will then access his account/data/whatever, I imagine.

icebraining 11 years ago |

So I can use your app to spam other people? Nice :)

meandave 11 years ago | |

I would recommend http://yofor.me/ for that

notduncansmith 11 years ago |

What if the user doesn't receive the Yo in time to authorize? Yo's always seem to take a while to reach me.

msfty 11 years ago |

I authenticated as authyo using two tabs. Super secure :)

It's a fun hack. Nicely done.

angilly 11 years ago |

<3 so much creativity out there.

mousetree 11 years ago |

What is the point of this?

angilly 11 years ago | |

It lets you log into websites using Yo.

hayd 11 years ago | | |

This doesn't answer the question! :p

zszugyi 11 years ago | | |

Neither does going to justyo.co. :)

mmahemoff 11 years ago |

Plain http links? I suggest using TLS/SSL for any authentication platform. I know it's a quick hack, but you can quickly setup a secure proxy with Cloudflare.

pauldino 11 years ago | |

Actually you don't even need that, *.herokuapp.com comes with https for free.

edoceo 11 years ago |

F! I was working on the same thing! Nice work!

thomasreggi 11 years ago | |

Whats the difference from oAuth?

haaaaaaryf 11 years ago | | |

an edit distance of 1

georgemcbay 11 years ago | | |

Upvoted for first instance of Levenshtein-related joke I've ever seen.

depoll 11 years ago | | |

All of the other things you've seen have been Levenshtein yokes?

benchin 11 years ago | | |

Fully agree, can safely assume I probably won't hear another ever again

tomphoolery 11 years ago | | |

this is history in the making right here fellas!