I'm not an engineer, but I play one on TV.
Moderator at Reactiflux.
Security Enthusiast.
Cat lover.
Currently in the process of redoing my personal site, I know the ssl cert is expired :)
That's probably a bit less clear than I intended. Essentially I feel that OAuth is something you do because the thing you do is authenticate with some trusted third party. It's not enough that you're just a user of that third party, you have to actually authenticate with them to prove that you are who you say you are.
I'm not an engineer, but I play one on TV.
Moderator at Reactiflux.
Security Enthusiast.
Cat lover.
Currently in the process of redoing my personal site, I know the ssl cert is expired :)
That's probably a bit less clear than I intended. Essentially I feel that OAuth is something you do because the thing you do is authenticate with some trusted third party. It's not enough that you're just a user of that third party, you have to actually authenticate with them to prove that you are who you say you are.
Ah, I see. Thank you for the clarification there π
So you have to "do" some actual work to prove that you are who you say you are.
Right and you're doing it in a third party's application which is where the distinction comes from IMO