To support invalidating credentials (e.g. in case of theft), a service provider should enable a user to identify them. A user faced with a list of unintelligible keys can't decide which one to invalidate. They need to be labeled 'Picasa on my laptop' or 'Picasa at the office' or something meaningful to the user.
On Apr 12, 10:57 pm, John Kristian <jmkrist...@gmail.com> wrote: > The service provider would enable a user to revoke her access tokens, > e.g. in case they're stolen. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---