1 devlog
1h 12m 37s
An extension to automatically sync Flavortown devlogs into a GitHub repository.
Devlog: Adding Hack Club OAuth for Account Verification
Today I implemented Hack Club OAuth authentication to improve trust and prevent misuse in my project.
The Problem
Previously, it was possible for anyone to submit projects for automation. This created several risks:
- users could submit projects that were not theirs
- identities could be impersonated
- the system could be abused with fake or unauthorized submissions
I needed a reliable way to verify that an account actually belongs to the person using it.
The Solution: Hack Club OAuth
To address this, I integrated Hack Club OAuth into the backend.
When a user authenticates:
- They are redirected to Hack Club for login and authorization.
- Hack Club verifies their identity.
- The API returns the user’s verified identity data.
- The Slack ID is retrieved from the identity object.
Because this information comes directly from Hack Club’s authentication servers, it cannot be forged by the user.
Why This Matters
This ensures that I can verify a user’s identity instead of relying on self-reported information.
With OAuth in place:
- accounts can be tied to a verified Hack Club identity
- impersonation becomes significantly harder
- future automation features can rely on trusted identity data
Implementation Notes
- Implemented OAuth authorization redirect
- Exchanged authorization code for an access token
- Extracted the verified Slack ID from the identity object
Current Status
At this stage, OAuth authentication is fully working and identity verification is in place. This lays the foundation for securing future automation features.
Next steps will build on this verified identity layer.
0
Log in to leave a comment