Please Do Not Ask For The User’s Scratch Username And Password

[Fluffy728]

Please do not use their usernames and passwords for sign up, instead we could try to use the Scratch APi for comments, I could make an auth project and we could ask for the user’s username, ask them to comment a code (BUT MAKE IT DIFFRENT EVERYTIME), then when they press OK, it checks if and who commented the code. Then they get signed in with that user that was used to comment the generated code. Or you could use Scratch Auth.

Even if you don’t store it it could scare users off, the website could get deleted, and people can hack. It also says “sign in with scratch”.

• Remove the form
• Complete it

[mcgdj]

Right. I was thinking the scratch API would ensure the username exists, then generate a key (like an SSH key) for the pw.

[mcgdj]

I'll work on it now. The last thing we want is to scare away users, though the login is only stored locally.

[Fluffy728]

Also can you accept the invite that I sent you for the organization? It will automatically grant you access to new repos I make (but it will only auto grant you access if it is Coding Hut related.)

[mcgdj]

Got it. Also, I didn't realize Github didn't support PHP. I fixed it (so it just uses JavaScript), and I still think we're better off than before, but this is still something I have to make sure doesn't happen again...

[Fluffy728]

What about Scratch Auth? Do we need that?