nor can oauth assure the provider that a desktop app is legitimate when
the app authenticates itself to the provider.

John Kristian wrote:
> An OAuth Consumer that's deployed to users' desktops or mobile devices
> can't keep a secret. One should assume its consumer key and consumer
> secret will be known to attackers. Consequently, OAuth doesn't really
> assure the user that he's authorizing a legitimate copy of the
> Consumer software.

Reply via email to