Talk:External services security
Jerome: I think this chapter would need a real case example in order to be well understood. After reading the steps I understood that the user will manually enter the token into the external app.
Note: when a user wants to give his rights to an application, so any contexts, it would be friendly to have a granted access page as Google/Flickr provides. For example if you use the Flickr iPhone app, flickr app opens Safari, you log into your Flickr account, then when you reopen the flickr application you have access to your flickr account.