On Jun 12, 11:49 am, Bernd Stramm <bernd.str...@gmail.com> wrote:
> secure against what?

The threat that OAuth's security-through-obscurity fails to protect
against is rogue-app B doing something bad while using legit-app A's
stolen credentials.  The author of app A gets blamed for app B's bad
behavior and app A gets shut down.  In other words, it's a denial of
service attack against applications, not against users.

Application authors are being asked to devote substantial resources to
the OAuth conversion, but OAuth provides no security for application
authors!

Reply via email to