On 7/4/09 5:30 AM, Andrew Badera wrote:
I haven't done much "real" desktop OAuth, mostly web ... but can't you
simply proxy the request through your own server, and keep the secret
on your server, serving client requests centrally?

Yes, yes you can - then you get to enjoy the Twitter rate limit issue and having to scale to accomodate concurrent sessions.

The "beauty" of desktop applications is the decentralized nature, using resources "close" to the user (as opposed to "further away" on a server). This means scaling per user is "built in" as the user brings their own resources.

OAuth's implicit requirement of funneling everything through a server in order to protect a secret is a defect in the design of OAuth, one that I've raised on the OAuth mailing lists to which I received the response of "well, that's not a problem OAuth is trying to solve." In other words: EPIC FAIL.

Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)

Reply via email to