Thursday, 12 December 2013

Re: OAuth Client Ids in packages?

On Wed, 2013-12-11 at 21:51 +0100, bjoern wrote:
> Hi,
> as LibreOffice (or rather libCMIS) grew itself the option to connect directly
> to GDrive in 4.2:
> I wonder how that would need to be handled in packaging in the end: Access to
> the Google API requires a OAuth Client Id/Secret pair for the binary to be
> backed in. Obviously, the specific pair used cant be public otherwise it likely
> will be abused (and revoked).

Google states in its API documentation[1] that they do not expect
applications installed on user sites to be able to keep secrets from the
user, so I don't think it will be problematic for you.

Google themselves include some keys in their open source projects, see
[2] for example.



Luke Faraone
Maintainer of "googlecl" in Debian & Ubuntu Developer

ubuntu-devel mailing list
Modify settings or unsubscribe at: