[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] XOAUTH2 integration, and a few questions

From: Ken Hornstein
Subject: Re: [Nmh-workers] XOAUTH2 integration, and a few questions
Date: Thu, 30 Jun 2016 09:20:40 -0400

>Yes.  Refresh tokens, unlike access tokens, are long-lived.
>However, either may stop working at any time, for any unspecified

Thanks for the info!

One thing that jogs my memory; you said before you had created a nmh
project to register the client key and secret for nmh, and that we should
resolve the ownership of that.  I think we should get other developers
involved on that project, just in case something happens to you.

Also, I do have a question about that ... obviously our client "secret"
isn't really secret, since it's embedded in our source code which is
available for download.  Is that to identify apps so users have more
fine-grained permission control?  Do other open-source applications
just embed the secret in their source code?  I guess that means other
applications could take our secret and pretend to be nmh; I'm not sure
that's a problem, but I just wanted to understand it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]