ForumsDevelopersAPI for desktop apps

API for desktop apps

Author	Message
Simon W	Posted: Sep 20, 2017 Score: 0 Reference Simon W Posted: Sep 20, 2017 Score: 0 Reference Hi, Are there any plans for releasing an OAuth authorization endpoint that is suitable for desktop or open-source apps? The current flow isn't really applicable, because the secret key would have to be embedded in the app and would therefore be susceptible to discovery be a persistent user. Twitter/Google etc. already have these flows and I think they're standardised - are you planning to roll one out here? Thanks, Simon
Jake Toodledo Founder	Posted: Sep 20, 2017 Score: 0 Reference Jake (Founder) Posted: Sep 20, 2017 Score: 0 Reference We are considering it. Right now, the worst that could happen if a persistent user found you secret key is that they could use the API and pretend to be your app. This would skew our internal statistics about which apps are being used, but it wouldnt have an outward facing outcome. Our API is free and will give a secret key to anyone who wants one, so I dont think it's a big security consideration.

Author

Message

Simon W

Posted: Sep 20, 2017

Score: 0 Reference

Simon W
Posted: Sep 20, 2017
Score: 0
Reference

Hi,

Are there any plans for releasing an OAuth authorization endpoint that is suitable for desktop or open-source apps?

The current flow isn't really applicable, because the secret key would have to be embedded in the app and would therefore be susceptible to discovery be a persistent user. Twitter/Google etc. already have these flows and I think they're standardised - are you planning to roll one out here?

Thanks,
Simon

Jake

Toodledo Founder

Posted: Sep 20, 2017

Score: 0 Reference

Jake (Founder)
Posted: Sep 20, 2017
Score: 0
Reference

We are considering it.

Right now, the worst that could happen if a persistent user found you secret key is that they could use the API and pretend to be your app. This would skew our internal statistics about which apps are being used, but it wouldnt have an outward facing outcome. Our API is free and will give a secret key to anyone who wants one, so I dont think it's a big security consideration.

You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.