Not 100% sure what you are suggesting. Are you suggesting for the authorization step that instead of directing the user to twitter instead receive a captcha image which the user inputs that # and we send back to get the access token? I am not sure that is such a good idea, mainly because captchas are pretty easy to interpret by machines. It's just too risky that an attacker will guess the correct value and thus gain entry to some user's account. If I am misinterpreting your idea, please let me know.
Josh On Fri, Jan 22, 2010 at 8:05 AM, John Meyer <john.l.me...@gmail.com> wrote: > This may have been proposed by somebody sometime in the past (forgive me for > not having enough coffee in my system to muster up the energy to search the > archives ;-)), but here it goes: what if, rather than a web page URL, we > could receive a captcha image and have the user input the code. That would > allow desktop users more flexibility in displaying the authorization. It > wouldn't be perfect (I'm sure console developers wouldn't like it), but I > think it would be a little better than what is coming up now. Thoughts? >