Right now, although the Frontend is considered untrusted, the security guarantees aren't so ambitious. The Frontend can't misuse the OAuth credentials directly (and cannot, for example, mint more teleports), but since the frontend receives all the NFT IDs (one-time redeem codes), it can spend any tokens minted.
It would be great to remove this. However, it's also really useful to be able to log in again from a different browser and see the inventory of Teleports URLs you have available to share.
So, a good strategy could be for the blockchain to include encrypted NFT IDs, so as long as you can get a viewing key in a logged-in browser session (perhaps derived from a signature on a message using the Sign In With Ethereum, dunno), then you should be able to enumerate your inventory.
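
A sketch of the viewing-key idea proposed above, as an added example that is not part of the original issue or the project's code: a key derived with HKDF from a wallet signature encrypts each NFT ID before it is published, and a second browser session re-derives the same key to list the inventory. The function names, message text, record layout and sample values are assumptions, and the wallet is assumed to sign deterministically.

```javascript
// Added example: names, message text and sample values are assumptions, not project code.
const nodeCrypto = require("node:crypto");

// Fixed message signed only to derive the viewing key (hypothetical text). It must be
// constant: a SIWE login message carries a fresh nonce, so its signature changes per session.
const KEY_DERIVATION_MESSAGE = "Teleport inventory viewing key v1";

// HKDF-SHA256 over the wallet signature, bound to the owner's address through the salt.
function deriveViewingKey(signature, ownerAddress) {
  const salt = Buffer.from(ownerAddress.toLowerCase(), "utf8");
  const info = Buffer.from(KEY_DERIVATION_MESSAGE, "utf8");
  return Buffer.from(nodeCrypto.hkdfSync("sha256", signature, salt, info, 32));
}

// Encrypt one NFT ID (redeem code) with AES-256-GCM; the hex record is what gets published.
function encryptNftId(viewingKey, nftId, ownerAddress) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", viewingKey, iv);
  cipher.setAAD(Buffer.from(ownerAddress.toLowerCase(), "utf8"));
  const ct = Buffer.concat([cipher.update(nftId, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("hex");
}

// Decrypt a published record; returns null when the key or owner does not match.
function decryptNftId(viewingKey, recordHex, ownerAddress) {
  const raw = Buffer.from(recordHex, "hex");
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", viewingKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  decipher.setAAD(Buffer.from(ownerAddress.toLowerCase(), "utf8"));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
  } catch {
    return null; // authentication failed: not this owner's record
  }
}

// Inventory view: keep only the records that decrypt under this viewing key.
function enumerateInventory(viewingKey, records, ownerAddress) {
  return records.map((r) => decryptNftId(viewingKey, r, ownerAddress)).filter((id) => id !== null);
}

// Constructed sample values (not real addresses or signatures).
const OWNER = "0x00000000000000000000000000000000000000aa";
const SAMPLE_SIGNATURE = Buffer.alloc(65, 0x11); // stand-in for the wallet's signature bytes
```

The NFT IDs stay out of the Frontend's reach only if key derivation and decryption run in code the Frontend does not control.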