Core Platform Team/Initiative/OAuth2/Open Questions
- Supporting Open Source clients that can't keep an API key secret
- Supporting 1-page Web clients that can't keep an API key secret
- Should the Discourse login and API authorization requirements be conflated here?