Thread:Talk:OAuth/OAuth 2 over https/reply (3)

I read back through OAuth 1, OAuth 2, and the OAuth 2 MAC token specs. Taking a look at it I've found that while signatures are back in a way. From a security standpoint they are completely inferior to the signatures used inside OAuth 1. They only protect the resource server (and don't even protect that entirely) and don't protect the authorization server. In effect while OAuth 2 has "signatures", they are practically useless. You still need to run HTTPS on your wiki to be able to use OAuth 2 securely.