
Comments (1)

Jeff Hoy commented:

Great analysis, and glad to see the response. OAuth 1.0a had a major flaw around mobile and non-browser clients, that you mention at the end. We heard reports of application developers embedding OAuth 1.0a client secrets into mobile applications, compromising the entire security model. There was no other way to handle mobile applications in 1.0a. OAuth 2.0 does a much better job around mobile and non-browser clients, which has become incredibly important, so I was surprised to see the controversy.
