Thanks a lot folks for all your inputs. It sounds like as long as I use SSL the right way, there is no apparent danger of using PLAINTEXT even though I discard the check for timestamp and nonce. I am trying to make it easy on our consumers to use our APIs using OAuth. It sounds like using HTTPS (yes.. we have valid expensive certificate for our website) with PLAINTEXT is a great way to improve the adoption.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---