
> you can simply add an additional header saying "client id" which the service provider can then use to "secure" his er her service as he sees fit.

OAuth 2.0 is basically that + a standardized protocol for requesting a "client id", which is why it's completely insecure over standard HTTP.



That's why the OAuth 2.0 protocol is limited to HTTPS and is said to never be implemented over HTTP.



