![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://lemmy.hogru.ch/api/v3/image_proxy?url=https%3A%2F%2Flemmy.ml%2Fpictrs%2Fimage%2Fq98XK4sKtw.png)
Is the token not keyed to a specific source? I would have expected it to operate similarly to an SSL cert, where part of the verification process is that the source is the correct origin that the token belongs to - so if someone just lifted a valid cert to put into a malicious one, it would catch anything from changing a single character in the project name to changing the repository host (i.e. GitHub to GitLab)
The thing with those is that, while it was a small amount of content, it wasn’t just a mission, each was about an hour of repeatable content that was fairly fun to farm. At $2, they actually still felt worth it with as much fun as B2 was. If they had asked for like $10 each, people would have flipped out.
I’m not a Starfield player, but I would bet this is not even close to as good of a value proposition.