by Noumenon72 2900 days ago
I think https://aaronparecki.com/oauth-2-simplified/ explains that the cryptographic signature approach (if that's what they mean by "client secret") was discarded because mobile apps and single-page JavaScript apps can't maintain the confidentiality of a secret anyway.

So maybe OAuth 1.0 is only better for apps running on a server?