OneDrive Client written in D
skilion via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Wed Sep 23 01:38:57 PDT 2015
On Wednesday, 23 September 2015 at 04:30:23 UTC, Rikki Cattermole
wrote:
> You probably should not be exposing developer information for
> authentication.
> You need to get the authentication fixed. Users should login
> via user/pass.
I think you are referreing to the the fields client_id and
client_secret in the config file.
As I understand it, if a service is using OAtuh2, it is exactly
to allow its users to use third party apps without leaking the
username and password. My app is registered as a desktop
application, so it should be assumed that the client "secret"
can't be really kept secret like in a web app.
Knowing the client secret allows you to produce API calls under
my app name, but you still need to get a permission from the user
to access their data.
More information about the Digitalmars-d-announce
mailing list