I finally managed to put some time on my OAuth application... I
released a proof of concept and would like your opinion on the matter.
Basically, it is an Android OAuth broker as discussed above.
On another note, I read about the OAuth AccessorSecret which could be
interesting in situation similar
Rather than assign a different consumer secret to each device, I
suggest each device get a unique access token secret using OAuth; that
is by asking the user to authenticate to each service provider and
authorize the device. (The token secret and consumer secret are
separate elements in OAuth.)
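
An added example, not part of the original thread: OAuth 1.0 HMAC-SHA1 signing with one shared consumer secret and a separate token secret per device, showing that the service provider can revoke one device's token without affecting the other. The `Provider` class, endpoint URL, keys, tokens and secrets are all constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

URL = "https://sp.example/api/invoices"               # constructed endpoint
CONSUMER = ("broker-app", "shared-consumer-secret")   # constructed key, secret

def pct(s):
    """Percent-encode as OAuth 1.0 requires (only unreserved chars left bare)."""
    return quote(s, safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature; the key joins consumer secret and token secret."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(norm)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

class Provider:
    """Hypothetical service provider: one consumer, one token per device."""
    def __init__(self):
        self.tokens = {}                      # oauth_token -> token secret

    def verify(self, params, signature):
        # Replay protection (nonce/timestamp tracking) is outside this example.
        secret = self.tokens.get(params["oauth_token"])
        if secret is None or params["oauth_consumer_key"] != CONSUMER[0]:
            return False
        expected = sign("GET", URL, params, CONSUMER[1], secret)
        return hmac.compare_digest(expected, signature)

def device_request(token, token_secret):
    """Build and sign a request as a device holding this token would."""
    params = {"oauth_consumer_key": CONSUMER[0], "oauth_token": token,
              "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
              "oauth_timestamp": "1250700000", "oauth_nonce": "constructed"}
    return params, sign("GET", URL, params, CONSUMER[1], token_secret)

def demo():
    sp = Provider()
    sp.tokens = {"tok-phone": "secret-phone", "tok-tablet": "secret-tablet"}
    phone = device_request("tok-phone", "secret-phone")
    tablet = device_request("tok-tablet", "secret-tablet")
    before = (sp.verify(*phone), sp.verify(*tablet))
    del sp.tokens["tok-phone"]                # revoke only the phone's token
    after = (sp.verify(*phone), sp.verify(*tablet))
    return before, after
```
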
Hey folks,
I'm the product manager for the API and integrations at FreshBooks.
Decided to pop my head in here because we're facing this issue right
now.
On Aug 19, 12:23 pm, Brian Eaton bea...@google.com wrote:
On Wed, Aug 19, 2009 at 4:01 AM, Carl H. charr...@gmail.com wrote:
I am currently
A user should be responsible for his access token secret. If he
reveals it to an attacker, he should expect the attacker can
impersonate him, just as if he gave his authorized mobile device to
the attacker. An application can help prevent such a mistake, by
making it difficult for the user to
Hey John,
A couple responses.
On 20-Aug-09, at 9:03 PM, John Kristian wrote:
If an application turns out to be malicious, I don't know how you can
unauthorize it without unauthorizing other applications on the same
device. Does Android provide some way for one software module to
identify
On Aug 20, 9:00 am, Sunir su...@freshbooks.com wrote:
It's insufficient to provide a key for each device, since the key can
be cloned by an attacker and used on another device. e.g. if you gave
Alice the consumer key AlicesPhone for her mobile, she could give her
key to Bob and he can use it
We're in uncharted territory here. At least I don't know of any
working systems like this. So take my ideas with healthy skepticism.
Yes, a service provider should be able to unauthorize a consumer
easily. But if the consumer is composed of multiple applications
(sharing a token and secret),