Comment 20 for bug 532055

Martin Owens (doctormo) wrote : Re: Trusted credential-management apps are broken and doomed

> That seems like an extremely marginal improvement to me.

Leonard & Pool: The problem is that programmers are used to jumping through multiple logical streams of thought in order to get a job done. Plus most of them understand what's going on with OAuth. I don't object to the web browser being used in the application workflow for my own benefit, but because of what it represents to a designed workflow: disfiguring things in ways that a desktop user will not understand and will not want to proceed with.

I did a test of 12 users at the SETC to find out what they thought of a web browser popping up. It disrupted and confused not only the target app, but existing browser sessions the user was in.

There might not be security gains (to be honest, I think you guys go too far and assume too much of users); I plead with you to think of solutions to the design problems. I want a solution that is not complex, that you will agree to implement, that doesn't involve the web browser, and that other developers will be happy to use.

The only thing coming close that I can see is a special OAuth tool (CLI and desktop based) that checks your SSH keys, creates a set of keys for you if you don't have them, and uploads the public key, allowing each desktop application to gain access through that key.

Otherwise just re-enable password authentication.