On Fri, Mar 19, 2010 at 11:44 AM, Brian Eaton <[email protected]> wrote:
> Plaintext doesn't work in this context, because it sends long-lived
> secrets in clear-text to servers that are under the control of the
> application author, or, in the case of gadgets, everyone viewing the
> gadget.

Ah, the other reason plaintext doesn't work is because one of the goals is to guarantee the integrity of the identity information passed in the request - neither the application author nor the viewer of the application is permitted to tamper with those parameters.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
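
The two objections in this thread, shown as an added example that is not part of the original messages or of any OAuth implementation. It assumes "plaintext" means the OAuth 1.0 PLAINTEXT signature method and uses HMAC-SHA1 as one parameter-covering alternative; the secrets, URL and the `viewer_id` parameter are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def plaintext_signature(consumer_secret, token_secret):
    # PLAINTEXT: the "signature" is the secrets themselves; request
    # parameters play no part in it
    return enc(consumer_secret) + "&" + enc(token_secret)

def hmac_sha1_signature(method, url, params, consumer_secret, token_secret):
    # Simplified signature base string (no URL normalization): method, URL
    # and the sorted, encoded parameters are all covered by the MAC
    normalized = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = plaintext_signature(consumer_secret, token_secret).encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify_plaintext(params, signature, cs, ts):
    # params is accepted but cannot be checked: nothing binds it to the signature
    return hmac.compare_digest(signature, plaintext_signature(cs, ts))

def verify_hmac(method, url, params, signature, cs, ts):
    return hmac.compare_digest(signature, hmac_sha1_signature(method, url, params, cs, ts))

# Constructed sample values (assumptions, not from the thread)
CS, TS = "constructed-consumer-secret", "constructed-token-secret"
URL = "https://app.example/profile"
SENT = {"viewer_id": "alice", "oauth_nonce": "n1", "oauth_timestamp": "1269000000"}
ALTERED = dict(SENT, viewer_id="someone-else")  # identity parameter changed in transit

def demo():
    pt = plaintext_signature(CS, TS)
    hs = hmac_sha1_signature("GET", URL, SENT, CS, TS)
    return {
        "plaintext_reveals_secret": CS in pt,   # secret is readable by the receiver
        "plaintext_accepts_altered": verify_plaintext(ALTERED, pt, CS, TS),
        "hmac_reveals_secret": CS in hs,
        "hmac_accepts_original": verify_hmac("GET", URL, SENT, hs, CS, TS),
        "hmac_accepts_altered": verify_hmac("GET", URL, ALTERED, hs, CS, TS),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```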
