It's pretty common for other OpenID-accepting sites to also give users the option to create a password, so there are multiple credentials associated with their account. Accepting OpenID doesn't necessarily mean that external apps can't do username/password authentication.
Desktop apps and browsers are in practice running in the same security domain. There are good reasons to avoid people giving their username/password to other web apps but this doesn't apply to desktop apps.
People already do run Launchpad clients from text-only servers and from non-Ubuntu desktops. So anything that _requires_ having a special client side app is also doomed.
istm that leaving open the option to send an http-authenticated request with username and password to create a token, without needing to fake a browser, would be useful.
Just a few other points:
It's pretty common for other OpenID-accepting sites to also give users the option to create a password, so there are multiple credentials associated with their account. Accepting OpenID doesn't necessarily mean that external apps can't do username/password authentication.
Desktop apps and browsers are in practice running in the same security domain. There are good reasons to avoid people giving their username/password to other web apps but this doesn't apply to desktop apps.
People already do run Launchpad clients from text-only servers and from non-Ubuntu desktops. So anything that _requires_ having a special client side app is also doomed.
istm that leaving open the option to send an http-authenticated request with username and password to create a token, without needing to fake a browser, would be useful.