[twitter-dev] Re: OAuth from the Browser

2009-11-07 Thread ryan alford
There are no app-specific servers. With OAuth, instead of passing user credentials, you use YOUR consumer key and consumer secret, which identify your application. You get an access token after the user has allowed your application to have access to their account. You will then use that access

[twitter-dev] Re: OAuth from the Browser

2009-11-07 Thread Harshad RJ
Ryan, By credentials, I meant the OAuth tokens, consumer keys, etc. Wouldn't they be visible to the browser/desktop-client? And hence, couldn't they be copied and reused by somebody so determined? Personally, I think the chance of this kind of attack would be rare and limited. I just wanted to

[twitter-dev] Re: OAuth from the Browser

2009-11-07 Thread Cameron Kaiser
> By credentials, I meant the OAuth tokens, consumer keys, etc. Wouldn't they be visible to the browser/desktop-client? And hence, couldn't they be copied and reused by somebody so determined?

Not necessarily the tokens, but the consumer keys could be extracted. This is an acknowledged

[twitter-dev] Re: OAuth from the Browser

2009-11-07 Thread Harshad RJ
On Sat, Nov 7, 2009 at 9:46 PM, Cameron Kaiser spec...@floodgap.com wrote:

> > By credentials, I meant the OAuth tokens, consumer keys, etc. Wouldn't they be visible to the browser/desktop-client? And hence, couldn't they be copied and reused by somebody so determined?
>
> Not necessarily the