On 7/4/09 5:30 AM, Andrew Badera wrote:
> I haven't done much "real" desktop OAuth, mostly web ... but can't you
> simply proxy the request through your own server, and keep the secret
> on your server, serving client requests centrally?

Yes, yes you can - then you get to enjoy the Twitter rate limit issue
and having to scale to accommodate concurrent sessions.
The "beauty" of desktop applications is the decentralized nature, using
resources "close" to the user (as opposed to "further away" on a
server). This means scaling per user is "built in" as the user brings
their own resources.
OAuth's implicit requirement of funneling everything through a server in
order to protect a secret is a defect in the design of OAuth, one that
I've raised on the OAuth mailing lists to which I received the response
of "well, that's not a problem OAuth is trying to solve." In other
words: EPIC FAIL.
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)