OneDrive Client written in D
Rory McGuire via Digitalmars-d-announce
digitalmars-d-announce at puremagic.com
Wed Sep 23 05:38:42 PDT 2015
Problem is right now anyone can make an app and pretend its your app, and
then ...
If the user gives your keys access to their stuff so does anyone else who
has your keys, if they can get the oauth2 redirect to redirect to a
matching url at least.
On Wed, Sep 23, 2015 at 10:38 AM, skilion via Digitalmars-d-announce <
digitalmars-d-announce at puremagic.com> wrote:
> On Wednesday, 23 September 2015 at 04:30:23 UTC, Rikki Cattermole wrote:
>
>> You probably should not be exposing developer information for
>> authentication.
>> You need to get the authentication fixed. Users should login via
>> user/pass.
>>
>
> I think you are referreing to the the fields client_id and client_secret
> in the config file.
>
> As I understand it, if a service is using OAtuh2, it is exactly to allow
> its users to use third party apps without leaking the username and
> password. My app is registered as a desktop application, so it should be
> assumed that the client "secret" can't be really kept secret like in a web
> app.
>
> Knowing the client secret allows you to produce API calls under my app
> name, but you still need to get a permission from the user to access their
> data.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puremagic.com/pipermail/digitalmars-d-announce/attachments/20150923/8bbcc44a/attachment.html>
More information about the Digitalmars-d-announce
mailing list