On Jun 12, 11:49 am, Bernd Stramm <bernd.str...@gmail.com> wrote:
> secure against what?

The threat that OAuth's security-through-obscurity fails to protect against is rogue-app B doing something bad while using legit-app A's stolen credentials. The author of app A gets blamed for app B's bad behavior and app A gets shut down. In other words, it's a denial of service attack against applications, not against users. Application authors are being asked to devote substantial resources to the OAuth conversion, but OAuth provides no security for application authors!