John/Zhihong,

I would like to add something to the 'client being unprotected with the consumer secret'. A client can be a reliable consumer if it protects the secret. It's true that clients are easier to crack than a consumer that is a web server, but again the server consumer can also be broken. John mentioned an interesting use case for a crooked iPhone app to steal the consumer secret of a legible app on the same phone. I also think that the key chain in iPhone can be read by other apps on it, but we can encrypt the secret to prevent such an attack.

Thanks,
Monis

On Jul 26, 9:26 pm, Sean Sullivan <[email protected]> wrote:
> On Sun, Jul 26, 2009 at 8:12 AM, Ethan Jewett <[email protected]> wrote:
>
> > iPhone apps can register custom protocol handlers and then pass a callback
> > url like "apphandler://callback/url/here"
> > There is a detailed explanation of how this process works that I found here:
> > http://www.mobileorchard.com/apple-approved-iphone-inter-process-comm...
>
> > I'm pretty sure that this is how the Pownce iPhone app works. Other apps,
> > like the Dopplr app appear to work the same way.
>
> This blog entry has more info about the Pownce iPhone app and OAuth:
>
> http://immike.net/blog/2008/09/08/oauth-on-the-iphone/
>
> I'm using a similar technique in my Android apps:
>
> http://code.google.com/p/jfireeagle/wiki/Android
>
> http://code.google.com/p/jpoco/wiki/Android
>
> Cheers,
>
> Sean
