Dear nov, thank you for your advice. > In that environment, token secret can be hidden?
Though the token secret is stored untill obtaining access token to compute signature, the token secret can be hidden. > If not, you shouldn't use anonymous OAuth. > If you cannot hide consumer secret (or private key when using RSA- > SHA1) neither, you might should use OAuth proxy. The consumer key and value are fixed as 'anonymous'. However as you mentioned, I could use the specific mode in my case because the token secret can be hidden. > > thanks > nov matake > > On Nov 28, 9:50 pm, hitoshi uchida <[email protected]> wrote: > > > > > Hi all, > > > Concerning 'anonymous' mode supported Google OAuth provider for > > installed application, is it always safe to use the specific mode in > > consumer services ? > > > I would like to execute a consumer service which can't be reachable > > because it is executed in user's LAN environment, and the service > > retrieves user' datas from GData service. > > So I have a secutiry concern about the 'anonymous' mode. > > > Regards, > > Hitoshi Uchida -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
