nor can oauth assure the provider that a desktop app is legitimate when the app authenticates itself to the provider.
John Kristian wrote: > An OAuth Consumer that's deployed to users' desktops or mobile devices > can't keep a secret. One should assume its consumer key and consumer > secret will be known to attackers. Consequently, OAuth doesn't really > assure the user that he's authorizing a legitimate copy of the > Consumer software.