I wasn't thinking about downstream requests where you still need both
tokens, just token requests ... yeah, that's rough.
On Sat, Jul 4, 2009 at 10:38 PM, Dossy Shiobara<do...@panoptic.com> wrote:
> On 7/4/09 5:30 AM, Andrew Badera wrote:
>> I haven't done much "real" desktop OAuth, mostly web ... but can't you
>> simply proxy the request through your own server, and keep the secret
>> on your server, serving client requests centrally?
> Yes, yes you can - then you get to enjoy the Twitter rate limit issue and
> having to scale to accommodate concurrent sessions.
> The "beauty" of desktop applications is the decentralized nature, using
> resources "close" to the user (as opposed to "further away" on a server).
> This means scaling per user is "built in" as the user brings their own
> OAuth's implicit requirement of funneling everything through a server in
> order to protect a secret is a defect in the design of OAuth, one that I've
> raised on the OAuth mailing lists to which I received the response of "well,
> that's not a problem OAuth is trying to solve." In other words: EPIC FAIL.
> Dossy Shiobara | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network | http://panoptic.com/
> "He realized the fastest way to change is to laugh at your own
> folly -- then you can let go and quickly move on." (p. 70)