On Wednesday, 23 September 2015 at 13:01:54 UTC, Rory McGuire
wrote:
I think this should be on reddit either way. Perhaps someone
will suggest a
way around the oauth2 limitation.
Having to generate new client secrets just to use an app that
already
exists seems like a mission, so providing a default set that
work and the
user can just make sure they get the original app seems more
practical.
i.e. download binary from a reputable place i.e. your
distributions repos.
Also you are doing the same way everyone else does it; by
prompting at the command line sooo....
I don't know to much about oauth2, but could we in theory add a
layer of security by only allowing some client id that has a sort
of checksum based on the source code of the application? I don't
know how client ids are generated, but its just a thought.
