The key to the “vulnerability” with OAuth is that each application is given its own key. That key ties any request made to the service (Twitter for example) to the application which owns the key. The concern was that if the key falls into the wrong hands users’ personal information could be put at risk. With the key needing to reside somewhere that the application can read it, they’re typically stored within the application code which makes finding the key a trivial matter for a hacker.

The thought occurred to me that if you need to access a web-based service which requires OAuth, it might be helpful to have an intermediary service handle that authentication for you. By adding a service tier which authenticates a specific user of your application and performs all of the direct interaction with the service there’s no need to keep the OAuth keys on the client which makes them much more difficult to compromise.

Though it doesn’t quite match some of the other features we’ve become accustomed to seeing in cloud storage like an OS client with drag & drop functionality, it certainly provides a reliable place to store some of your larger files that won’t fit under the smaller 20MB cap that Google places on email. This is quite possibly the precursor to the much lauded and speculated about G-Drive cloud storage service.

via LifeHacker