Core Platform Team/Initiative/OAuth2/Open Questions


 * Supporting Open Source clients that can't keep an API key secret
 * Supporting 1-page Web clients that can't keep an API key secret
 * Should the Discourse login and API authorization requirements be conflated here?