search

luosx / oauth

Automatically exported from code.google.com/p/oauth
Apache License 2.0
0 stars 0 forks source link

FAQ: Blank consumer secret? #3

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
1.  We don't want to use a "Consumer Secret" because our consumers are
going to be distributed/open source/unsecurable and we don't want to give
the wrong idea, can we use OAuth?

Yes.  Consumer Secrets may be an empty string.  (I know its like the 2nd
line of the document, but still its a FAQ)  Additionally as an SP you could
track whether a Consumer Secret was used and assign different trust levels
to Tokens.

Original issue reported on code.google.com by kel...@gmail.com on 20 Sep 2007 at 3:06

GoogleCodeExporter commented 9 years ago 
ignore numbering, cut and paste issue.

Original comment by kel...@gmail.com on 20 Sep 2007 at 3:08

GoogleCodeExporter commented 9 years ago 
http://oauth.pbwiki.com/AccessorSecret might also be helpful, if it's possible 
to 
use a consumer secret when requesting a token.  For example, requests for 
tokens 
might be passed from unsecured clients via a secure proxy to the service 
provider.  
The proxy would hold the consumer secret and sign the requests.

Original comment by jmkrist...@gmail.com on 23 Oct 2008 at 4:04

GoogleCodeExporter commented 9 years ago 
shaozhu7069@gmail.com

Original comment by ShaoZhu7...@gmail.com on 17 Jul 2011 at 10:47