Reader comments

Google Play services bringing new OAuth tools to Android


There are some really problematic issues with OAuth 2.0, so much so that the lead author and editor Eran Hammer washed his hands of the whole process.

There is a discussion about it on his blog, but the key points are that OAuth tokens are very much subject to man-in-the-middle attacks, or purpose-shifting (requesting access for one use, and using that access for a multitude of other things).

His final recommendation to potential users is "If you are currently using 1.0 successfully, ignore 2.0. It offers no real value over 1.0".

I was going to post the same thing...except that everyone is switching to OAuth 2.0 anyways (including Facebook who did it last year)...

requesting access for one use, and using that access for a multitude of other things

As a developer, not Android, this is my concern. I am also not a tinfoil hat, just curious.

How come apps like gReader Pro and Tasks were able to use the built in Google Account authorization? How is this different?