On Mon, Feb 1, 2010 at 8:11 PM, John Kristian jmkrist...@gmail.com wrote:
In theory, a service provider could handle a change of consumer
credentials, and continue to accept access tokens that it issued to
that consumer previously. But that seems dangerous. If the consumer
credentials were
On Sat, Jan 30, 2010 at 5:32 PM, John Joseph Bachir
johnjosephbac...@gmail.com wrote:
I realize that this wasn't one of the goals of OAuth, and on a
service-by-service basis it seems reasonable for the onus of security and
data-management to be
Hit the save button too soon on that -- was
In theory, a service provider could handle a change of consumer
credentials, and continue to accept access tokens that it issued to
that consumer previously. But that seems dangerous. If the consumer
credentials were revealed to an attacker, it seems likely that access
tokens and secrets were also