If you're patching client IDs into a program from the debian/ directory, surely it would be just as easy to patch them into the service file as into the source code though, right?
As for Ubuntu One OAuth code, I agree that it's OAuth code is weirdly non-standard (I filed bug 978719 about it way back). However, I'm not sure how your proposed API changes would help with U1: while it isn't using a fixed consumer key and secret, those values are assigned as part of the authorisation process rather than being passed in by the application. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-api in Ubuntu. https://bugs.launchpad.net/bugs/1554040 Title: Allow hiding authentication data in scope binary Status in unity-scopes-api package in Ubuntu: In Progress Bug description: The current scope API doesn't allow the developer to specify the OAuth client keys at runtime, they must reside in the .service files which end up installed on the filesystem. Some people are concerned about exposing their API keys, and would rather embed them in their scope binary and specify them at runtime. While acknowledging that this will actually not improve the security, this possibility is offered by all other Online Accounts APIs, and it would be nice if scopes offered this too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1554040/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
