The client id is generated on oauth server when setting up credentials for an app / webservice.
You could never trust an app checksum because you would never know if it was fake. (Also this would only be something you could consider if you were implementing an oauth server or you had some intermediate server) On Thu, Sep 24, 2015 at 2:53 AM, Charles via Digitalmars-d-announce < digitalmars-d-announce@puremagic.com> wrote: > On Wednesday, 23 September 2015 at 13:01:54 UTC, Rory McGuire wrote: > >> I think this should be on reddit either way. Perhaps someone will suggest >> a >> way around the oauth2 limitation. >> Having to generate new client secrets just to use an app that already >> exists seems like a mission, so providing a default set that work and the >> user can just make sure they get the original app seems more practical. >> i.e. download binary from a reputable place i.e. your distributions repos. >> >> Also you are doing the same way everyone else does it; by prompting at >> the command line sooo.... >> >> > > I don't know to much about oauth2, but could we in theory add a layer of > security by only allowing some client id that has a sort of checksum based > on the source code of the application? I don't know how client ids are > generated, but its just a thought. > >
