s5707011858088 / oauth-pam

Automatically exported from code.google.com/p/oauth-pam

Full oAuth #1

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
1. The module in its current state does not allow for the extended security of 
Google's oAuth (e.g., multi-factor authentication, Captcha, etc.).
2. The success/failure is based on the number of bytes returned, and does not 
check for an actual valid response from Google.  If Google were to modify their 
implementation in the future, the module could let the user in erroneously.
3. This module requires that the password be sent to the application and could 
be captured in the middle; this defeats one of the biggest oAuth advantages 
(external assertions).

I would suggest that the module leverage Google's methods for "limited input 
devices" (https://developers.google.com/accounts/docs/OAuth2ForDevices).

Original issue reported on code.google.com by jerrywil...@gmail.com on 16 Oct 2013 at 1:52
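
The concern in point 2, applied to the device flow suggested above, as an added example (not part of the original issue or the oauth-pam code): it contrasts a byte-count decision with one that parses the token endpoint reply and fails closed. The error names follow RFC 8628; the outcome names, the byte threshold and all sample replies are constructed assumptions.

```python
import json

# Outcome names are hypothetical; a PAM module would map them to its own return codes.
GRANTED, PENDING, DENIED = "granted", "pending", "denied"

# Constructed threshold standing in for a "number of bytes returned" test.
NAIVE_MIN_BYTES = 100

def naive_check(body: bytes) -> str:
    """Length-only decision, the pattern criticised in point 2 of the report."""
    return GRANTED if len(body) >= NAIVE_MIN_BYTES else DENIED

def classify_token_response(status: int, body: bytes) -> str:
    """Decide from the parsed reply and fail closed on anything unexpected."""
    try:
        doc = json.loads(body.decode("utf-8"))
    except ValueError:  # covers both invalid UTF-8 and invalid JSON
        return DENIED
    if not isinstance(doc, dict):
        return DENIED
    error = doc.get("error")
    if status == 200 and error is None:
        token, kind = doc.get("access_token"), doc.get("token_type")
        if (isinstance(token, str) and token
                and isinstance(kind, str) and kind.lower() == "bearer"):
            return GRANTED
        return DENIED
    # The user has not yet approved on the second device: keep polling.
    if status != 200 and error in ("authorization_pending", "slow_down"):
        return PENDING
    return DENIED

# Constructed sample replies (not captured from Google).
SAMPLES = {
    "success": (200, b'{"access_token": "constructed-token", "token_type": "Bearer"}'),
    "pending": (400, b'{"error": "authorization_pending"}'),
    "denied": (400, b'{"error": "access_denied", "error_description": "'
                    + b"x" * 120 + b'"}'),
    "html_error": (200, b"<html><body>" + b"Service unavailable. " * 8
                        + b"</body></html>"),
}

def compare():
    """Return {sample name: (naive verdict, strict verdict)}."""
    return {name: (naive_check(body), classify_token_response(status, body))
            for name, (status, body) in SAMPLES.items()}
```

A granted verdict here only means the token endpoint returned a well-formed success document; tying that token to the local account being logged in is a separate check this sketch does not cover.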

GoogleCodeExporter commented 8 years ago
You've listed this issue as "Priority-Medium"; however, until this is fixed 

-->NO ONE should install this module<--

and I think that should be noted in the Project Home page.

Original comment by ave0...@gmail.com on 18 Oct 2013 at 3:25