Sunday, November 8, 2009

Google's OAuth doesn't seem to support wave as a scope yet?

After releasing Unofficial Google Wave Notifier, many people have claimed it may steal gogle password.
They are right. you should not trust me nor the app. From beginning I know the issue, I'm sorry, but I'v neglected the security concern as I hasten to release the app.
(A poor execuse to prove my innocence. I open the source. Suspicious users should review the source and build a binary from reviwed source.)

Current version (0.4) of the app uses ClientLogin for Installed Applications for authentication. In the process, apps handles passwords immediatly.

By contrast with ClientLogin, apps which uses OAuth for Installed Application handles oauth tokens instead of precisous passwords.

It is obvious that I should choose OAuth. However I can't get it so far. At OAuth Playground, I tried to get oauth_token. The paramerters I specified are:
scope: https://wave.google.com/wave/
oauth_signature_method: HMAC-SHA1
oauth_consumer_key: anonymous
consumer secret: anonymous
And the response is:
Invalid scope: https://wave.google.com/wave/


By choosing other scope, I can get a oauth_toke.... I missed something? or Google doesn' support wave as a oauth scope (yet)?
Posted by at 3 comments:
Labels: , ,

Tuesday, November 3, 2009

Unofficial Google Wave Notifier for mac 0.4 and the notification wave



I'v just released version 0.4 of Unofficail Google Wave Notifier for mac.
Also, if you wanna be notified about new releases, join The "unoffical google wave notifier for mac" notification wave.

CHANGELOG
* Open a specific wave immediately by clicking a wave in the menu
* Display "Checked N min ago" biside "Check Now" like "Google Notifier"
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)