10:33 PM, David Recordon wrote:
> Yes. I was agreeing with your point and suggesting that the profile
> have the client secret added to the request. :)
>
> On Mon, Mar 8, 2010 at 9:12 PM, Jason Hullinger
> wrote:
> > In the Spec (as of 0.9.7.2) for 5.3 (Username and Password prof
his profile as well.
>
> --David
>
> On Mon, Mar 8, 2010 at 8:22 PM, Jason Hullinger
> wrote:
> > If one were to obtain the client id of a partner, under the vanilla
> > username/password profile, how would a provider prevent non-partners from
> > connecting to a provid
If one were to obtain the client id of a partner, under the vanilla
username/password profile, how would a provider prevent non-partners from
connecting to a provider who has implemented this profile?
~/Jason
On Mon, Mar 8, 2010 at 8:01 PM, Allen Tom wrote:
> Hi Ethan -
>
> In Yahoo's case, we
with no real way of
stopping it after it's implemented.
~/Jason Hullinger
On Thu, Mar 4, 2010 at 9:37 PM, Dick Hardt wrote:
> As was discussed on the OAuth list, desktop apps can NOT be secured, so
> there is no way to ensure it really is the desktop app you think it is. For
> most
