Google and OAuth 2.0
mkmelin+mozilla at iki.fi
Tue Apr 29 11:22:15 UTC 2014
On 28.04.2014 18:16, Ben Bucksch wrote:
>> * Are there any ramifications on open source software in particular?
> OAuth contains a "client secret", I hear. That's inherently
> incompatible with client software, and open source all the more. OAuth
> is designed for websites, where the server can easily keep secrets.
There is a "secret", but it doesn't need to be kept secret here.
Being able to easily support flows where the clients that can't keep a
secret was one of the motivations for OAuth 2.0.
More information about the tb-planning