Google's Oauth for Installed apps vs. Oauth for Web Apps

Posted by burgerguy on Stack Overflow See other posts from Stack Overflow or by burgerguy
Published on 2010-04-03T01:44:38Z Indexed on 2010/04/03 1:53 UTC
Read the original article Hit count: 373

Filed under:

oauth

|

google

|

authentication

|

gdata

|

gdata-api

So I'm having trouble understanding something...

If you do Oauth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an Oauth for Web Apps token, you don't have to generate Oauth calls to the google server from your registered domain. I regularly use my key and token from scripts running via an apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data.

Now, as I understand it, if you do Oauth for Installed Apps, you use "anonymous" instead of a secret key you got from Google.

I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous?

What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

© Stack Overflow or respective owner

Related posts about oauth

Issues POSTing XML to OAuth and Signature Invalid with Ruby OAuth Gem

as seen on Stack Overflow - Search for 'Stack Overflow'
[Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it] I'm working on integrating a project with TripIt's OAuth API and am running into a weird issue. I authenticate fine, I store and retrieve the token/secret for a given user with no problem, I can even… >>> More
how do i install PHP with JSON and OAuth on Mac Snow Leopard?

as seen on Server Fault - Search for 'Server Fault'
i want to use the dropbox api via this library http://code.google.com/p/dropbox-php/ i installed MAMP then I tried "sudo pecl install oauth" but I got downloading oauth-1.0.0.tgz ... Starting to download oauth-1.0.0.tgz (42,834 bytes) ............done:… >>> More
How do I install PHP with JSON and OAuth on Mac Snow Leopard?

as seen on Server Fault - Search for 'Server Fault'
I want to use the Dropbox API via this library, http://code.google.com/p/dropbox-php/. I installed MAMP, and then I tried sudo pecl install oauth but I got the following. >>>> downloading oauth-1.0.0.tgz ... Starting to download oauth-1.0.0.tgz (42,834 bytes) ............done: 42… >>> More
Oauth for Google API example using Python / Django

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am trying to get Oauth working with the Google API using Python. I have tried different oauth libraries such as oauth, oauth2 and djanog-oauth but I cannot get it to work (including the provided examples). For debugging Oauth I use Google's Oauth Playground and I have studied the API and the… >>> More
OAuth::Problem (parameter_absent)

as seen on Stack Overflow - Search for 'Stack Overflow'
Im working with OAuth 0.3.6 and the linkedin gem for a Rails application and I have this issue where OAuth throws an error saying that OAuth::Problem (parameter_absent). The thing is it doesn't throw the error on every occasion its called and the problem is I am unable to reproduce the issue locally… >>> More

Related posts about google

Removing malware of a particular kind

as seen on Super User - Search for 'Super User'
I need to remove some malware from my computer. It is a trojan, and very annoying. It blocks access to Google and search sites. The trojan, with its name spelled out on each line cause it seems to block sites when i reference it in a url, is a r t (some text to mess it up) e m (more text i s First… >>> More
Trouble installing Matlab

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
So whenever I try to install Matlab, the first image appears, but then goes away and that's the end of it. Here's what I'm doing- user@host$> cd ~/mathworks_downloads user@host$> unzip matlab_R2012a_student_glnx86_installer.zip user@host$> ./install The Matlab logo and image pop up here… >>> More
Google chrome is always searching in local google domain instead of Google.com

as seen on Super User - Search for 'Super User'
I have changed in the searched preferences to google.com but still when I do search from the address bar (instant or non-instant) it will go to google.co.kr. Even though I change "Google.com in English", still same... The only way is to open google.com website first, then do search in it. So the… >>> More
Google I/O 2010: Google TV Keynote - Introducing Google TV

as seen on Google Code - Search for 'Google Code'
Google I/O 2010: Google TV Keynote - Introducing Google TV Due to licensing and permissions issues, we are unable to show the full Google TV demonstration from the Day 2 keynote at Google I/O. Until we are able to get these permissions, please check out these clips. For Google I/O session videos… >>> More
Google I/O 2010: Google TV Keynote - Android Apps On Google TV

as seen on Google Code - Search for 'Google Code'
Google I/O 2010: Google TV Keynote - Android Apps On Google TV Due to licensing and permissions issues, we are unable to show the full Google TV demonstration from the Day 2 keynote at Google I/O. Until we are able to get these permissions, please check out these clips. For Google I/O session videos… >>> More