Good question. If you find anything, let me know and I can add ... • Aaron Parecki

44°F

Fred Emmott https://twitter.com/fredemmott • Jan 14
Does anyone have an approachable article for "don't trust the client"? Best I've found is the OAuth threat model RFC (RFC 6819), but it's a bit too long to ask others to read for a quick overview :) (not work related)

Good question. If you find anything, let me know and I can add a link to it on https://oauth.net/2/native-apps/

Portland, Oregon, USA • 39°F

Mon, Jan 14, 2019 10:00am -08:00

1 reply
Have you written a response to this? Let me know the URL:
- Aaron Parecki twitter.com/aaronpk
  
  oh you're definitely not crazy, I just sometimes forget that not everybody already knows this :-) Most of what I've written on this starts with the assumption that the reader already knows mobile apps can't keep secrets.
  
  Mon, Jan 14, 2019 6:10pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using quill.p3k.io