- Why do I have to put my username and password there?
- Because Lemmy currently doesn’t allow any other way to authenticate. As soon as OAuth or something similar is supported, I’ll be switching to that.
- Are the passwords stored anywhere?
- Nope, your password is not stored - it’s only used for getting an authentication token which is then used to authenticate as your user. The whole authentication logic is in this file. The password is also used in this file if your account has 2FA enabled but it’s immediately discarded as well.
- Are the authentication tokens stored anywhere?
- Yes, but only if you create any scheduled job (post, pin/unpin etc.). Your authentication token is not stored for logging in to the app but it needs to be stored with each scheduled job so that the job can impersonate you and post in your name. Note that due to the current implementation, even cancelled posts store your authentication token until their original scheduled time.
You must log in or register to comment.