Google and OAuth 2.0

Magnus Melin mkmelin+mozilla at iki.fi
Tue Apr 29 11:22:15 UTC 2014


On 28.04.2014 18:16, Ben Bucksch wrote:
>> * Are there any ramifications on open source software in particular?
>
> OAuth contains a "client secret", I hear. That's inherently 
> incompatible with client software, and open source all the more. OAuth 
> is designed for websites, where the server can easily keep secrets. 

There is a "secret", but it doesn't need to be kept secret here.
Being able to easily support flows where the clients that can't keep a 
secret was one of the motivations for OAuth 2.0.

  -Magnus



More information about the tb-planning mailing list