But it completely subverts the point of OAuth, because it lets a third party have your password. Why even use OAuth in that case?
On Mon, Oct 12, 2009 at 19:01, Zhami <stu...@zhameesha.com> wrote: > > > > On Oct 12, 5:44 pm, Sebastian <sdelm...@gmail.com> wrote: > > The solution for OAuth on Mobile and Desktop is easy: > <snip> > > Let me rewrite this in plain english: let the app ask for login/ > > password and pass it to twitter. > <snip> > > All we need is a simple API call where we can trade a login and > > password for an oauth access token, bypassing the browser. > > I think this is a grand idea, and wanted to acknowledge it. > > This solution removes the password from being bandied about endlessly > with Basic Auth, but is appropriate for the world of desktop apps > where users are comfortable providing their password because > applications often ask for access restricted information. > -- Internets. Serious business.
