> @taylor > So key exchange is done based on consumer key only.(No need to verify the > signature?.Makes sense as this is distributed )So any abuse by the end user > will only lead to the ban of child app ? (assuming the final auth requests > are signed by the generated secrets (chid app secret and user secret only) )
IDSOWFT, but that is the way I understand it. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Roger Waters, public health officer: "Careful with that pox, Eugene!" ------
