There is really no need to tell the user you are storing them because it
contains no information about them.  The OAuth also tells the user what
previliges they are authorizing your app to have.

And normally, users don't care what happens behind the scenes as long as it

Sent from my DROID

On Jan 4, 2010 1:55 AM, "M. Edward (Ed) Borasky" <> wrote:

On Jan 3, 7:39 am, ryan alford <> wrote:

> In the Desktop workflow, you don't have to enter the PIN every time.  The
> user is NOT required t...
Yes ... but you should inform the user that you are storing these
tokens on their behalf, and you should inform the user what privileges
they have granted you application. In my case, it's not a big
inconvenience for the user to go through the oAuth process every time
the app runs, so I don't do it. And I think there are some things that
aren't obvious about security and privacy when you just point your
browser to the "allow/deny" decision page. My users tend not to
believe in "magic" and tend to want to know what can possibly go
wrong. ;-)

I'm in the process of writing my own wrapper text for the oAuth
process. Once that's done, I'll add the code to save the tokens.

Reply via email to