Hi, On Tue, May 17, 2011 at 9:39 AM, David Zeuthen <zeut...@gmail.com> wrote: > OTOH, if calculating the SASL response involves e.g. private API keys > like it does for calculating the IMAP SASL response, see > > http://code.google.com/apis/gmail/oauth/protocol.html > > then... then I think GOA _will have_ to contain D-Bus API for doing > this.. because.. we might not want to add API for people to get the > consumer private key because that precludes us from supporting > services where the API key has to be kept a secret. I don't know. Then > again, such TOS are more or less incompatible with free software so > I'm not losing sleep if some downstream can't easily support them. I > don't know. Can of worms.
Actually, sorry, I'm smoking crack here - the OAuth Consumer Secret is of course needed for regular OAuth HTTP requests so we _will_ need to expose the OAuth Consumer Secret in our APIs. Note that OAuth 2.0 and bearer tokens just makes a lot of these things a lot easier since it assumes a secure transport instead of allowing providers to use insecure transports. Cheers, David _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list