Sunday 15 June 2014

box api - Programmatic generation of Box.com authorization code


Does anybody know why Box.com makes it so difficult to create an authorization code programmatically? I wrote some code to do this through screen-scraping, and it recently broke because (as far as I can tell) an HTTP request parameter has changed from [root_readwrite] to root_readwrite. I was able to fix it properly (thank you, Fiddler), but why do developers have to go through this problem?

Based on the number of questions on this subject, many developers need to do this, possibly for good reason, and I do not think it can be stopped, so why not just embrace it?

Martin

The problem with programmatic OAuth is that it effectively defeats the point of OAuth. The user should be presented with the Box login page so they do not have to give their username and password directly to the app. This allows users to see which permissions your app is permitted on their account (scope), and they are allowed to cancel your app at any time.

Logging in programmatically means that at some point your app knows the user's password. It is necessary that the user trusts you not to do something malicious, which is usually not possible unless you are a trusted name. The user also has to rely on you to handle their credentials properly and not use them in an insecure manner.

Box wants to encourage developers to do the authentication correctly and safely, and therefore, in order to possibly support OAuth programming, you should try to log in through a supported page by visiting the Box login page.
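
The supported flow the answer describes, as an added example that is not part of the original post and is not Box's own code: the app sends the user to the Box login page and only ever receives an authorization code, never the password. The endpoint URLs, function names and sample values are assumptions that do not come from the page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed endpoints (not given on the page); confirm against Box's current docs.
AUTHORIZE_URL = "https://account.box.com/api/oauth2/authorize"
TOKEN_URL = "https://api.box.com/oauth2/token"

def build_authorize_url(client_id, redirect_uri):
    """Return (url, state). The URL is opened in the user's browser, so the
    password is typed into the Box login page and never reaches the app."""
    state = secrets.token_urlsafe(32)  # unguessable; ties the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect the browser delivers."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:  # e.g. the user declined on the consent page
        raise PermissionError(params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form fields the app POSTs to TOKEN_URL to trade the code for tokens."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, state = build_authorize_url("CLIENT_ID_PLACEHOLDER", "http://127.0.0.1:8080/cb")
    print(url)
    print(parse_callback(f"http://127.0.0.1:8080/cb?code=sample-code&state={state}", state))
```

The only secrets the app stores are its own client secret and the tokens returned for the code; the user can withdraw those tokens without changing their password.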
