On 09/23/2015 08:38 AM, Rory McGuire via Digitalmars-d-announce wrote:
Problem is right now anyone can make an app and pretend its your app, and then ...If the user gives your keys access to their stuff so does anyone else who has your keys, if they can get the oauth2 redirect to redirect to a matching url at least.
Isn't oauth/openid just kindof a big bundle of such phishing problems anyway?