On May 28, 3:42 pm, jr conlin <[email protected]> wrote:
> > It may just be that there are certain environments that one can't do > OAuth. I'd rather that folks use a different auth mechanism for those > than further confuse the standard. > Well said. I've been thinking along the same lines after I met a few folks at IIW and discussed the same. This impacts registration (as there is no registration if everyone uses the same key/secret), and also the database side of things at the provider if the provider is maintaining database tables cross-referencing a consumer_key against issued token(s). Installed apps may need to use a really "modified" OAuth flow to meet the same level of security as the web-app scenario, but that will end up changing the protocol so much that it may not resemble the original.. -cheers, Manish --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
