> > The problem here is distinguishing the two. OAuth doesn't (and I was > > told this by one of the people on the OAuth committee) specifically > > allow you to unambiguously and securely identify an application just > > because it has a certain app key > > Huh? Can you translate this into either English or pseudo-code? I fill > out a form. The app gets a name, which must be unique. And I choose > between a desktop exclusive-or server app (PIN workflow exclusive-or > callback workflow) with a radio button. I get a consumer key and > consumer secret, also, I'm assuming, unique.
Didn't we just get done with a thread where people complained, correctly, that a desktop app containing a consumer key/secret can't keep those things secret? -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Of course, what I really want is total world domination. -- Linus Torvalds -