On Mon, Feb 1, 2010 at 8:11 PM, John Kristian <[email protected]> wrote:
> In theory, a service provider could handle a change of consumer > credentials, and continue to accept access tokens that it issued to > that consumer previously. But that seems dangerous. If the consumer > credentials were revealed to an attacker, it seems likely that access > tokens and secrets were also revealed. > That's true. I wish I left out the second part of my email, it basically stated an obvious question and its obvious answer. I mostly just wanted other's thoughts on the matrix of pros/cons I laid out. > I assume we're talking about > http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/2/spec.html > or something similar. > Yep. -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
