This time we take a look at how to improve security by not transmitting the user's auth token directly. Instead, we'll leverage HMAC SHA1 hashing with the provided client id. Doing this makes the response not directly useful. The client needs to use the client id and the agreed upon hashing algorithm to arrive at the common auth token.
This is a companion discussion topic for the original entry at https://nsscreencast.com/episodes/221-easy-auth-part-2