Hacker News new | comments | show | ask | jobs | submit login

Isn't that the point of OAuth? (versus HTTP basic auth)

Your secret key shouldn't be compromised, because you're supposed to keep that secret. Also if you use HTTPS for requests you'd still get a cert error even if DNS was routing incorrectly. You're probably fine.

Indeed, I misspoke and meant to say tokens/refresh tokens. A similar thing happened for Evernote a while back and knocked down all tokens and required re-authentication across the board.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact