> OAuth IS unfamiliar, YES. OAuth DOES ask more of the user, YES.

So what's the upside for the third-party developer?

In terms of security, we've already seen how OAuth-like applications
in, e.g., Facebook have led to massive hacker/phishing/etc problems.
While OAuth solves one leg of the security problem (not actually
having their password), OAuth'd apps still have complete API access to
the account and can run rampant before the user realizes or figures
out how to revoke credentials.

Reply via email to