<p>Well the problem is OAuth2 isn't really a protocol, it's more of a toolkit that can you can use to design a protocol.</p>
<p>I've no objection to supporting it if somebody wants to do the work, but I don't really have the time or energy to do enough reading and research myself to come up with something.</p>
<p>I'm not sure what you mean by "client side consumer key vulnerability" though - if you just mean the fact that you need to have a key on the client side to identify the client then I'm not sure how OAuth2 is supposed to help as every OAuth2 system I'm ever seen still has that?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/1408#issuecomment-271080460">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLelVyMsv3Pkl6ay66YyqQwdFv5h8ks5rP4MBgaJpZM4LdZvc">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/ABWnLS3X7dNDMFt023qI7Vg_8QGLjNMDks5rP4MBgaJpZM4LdZvc.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/openstreetmap/openstreetmap-website/issues/1408#issuecomment-271080460"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@tomhughes in #1408: Well the problem is OAuth2 isn't really a protocol, it's more of a toolkit that can you can use to design a protocol.\r\n\r\nI've no objection to supporting it if somebody wants to do the work, but I don't really have the time or energy to do enough reading and research myself to come up with something.\r\n\r\nI'm not sure what you mean by \"client side consumer key vulnerability\" though - if you just mean the fact that you need to have a key on the client side to identify the client then I'm not sure how OAuth2 is supposed to help as every OAuth2 system I'm ever seen still has that?"}],"action":{"name":"View Issue","url":"https://github.com/openstreetmap/openstreetmap-website/issues/1408#issuecomment-271080460"}}}</script>