Re: [Nmh-workers] XOAUTH2 integration, and a few questions

[Ken Hornstein]

>Yes.  Refresh tokens, unlike access tokens, are long-lived.
>However, either may stop working at any time, for any unspecified
>reasons.

Thanks for the info!

One thing that jogs my memory; you said before you had created a nmh
project to register the client key and secret for nmh, and that we should
resolve the ownership of that.  I think we should get other developers
involved on that project, just in case something happens to you.

Also, I do have a question about that ... obviously our client "secret"
isn't really secret, since it's embedded in our source code which is
available for download.  Is that to identify apps so users have more
fine-grained permission control?  Do other open-source applications
just embed the secret in their source code?  I guess that means other
applications could take our secret and pretend to be nmh; I'm not sure
that's a problem, but I just wanted to understand it.

--Ken