Computer access control using registration and communication secrets

US12401639B2 · US · B2

Patent metadata
Field: Value
Publication number: US-12401639-B2
Application number: US-202217879358-A
Country: US
Kind code: B2
Filing date: Aug 2, 2022
Priority date: Aug 2, 2022
Publication date: Aug 26, 2025
Grant date: Aug 26, 2025

Abstract

Official abstract text for this publication.

A request associated with access to a restricted computer resource by a computer application of a device is received via a first communication medium. It is determined that the request is provided by the device with an IP address not included in a group of authorized IP addresses. A registration secret is generated. A representation associated with the registration secret is provided via a second communication medium. A token signed using the registration secret is received. In response to successfully validating the token, a communication secret is generated and associated with an identifier associated with the device. The communication secret is provided for use by the computer application of the device to access the restricted computer resource.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving via a first communication medium a request associated with access to a restricted computer resource by a computer application of a first device; determining that the request is provided by the first device having an Internet Protocol (IP) address not included in a group of authorized Internet Protocol (IP) addresses; generating a registration secret for the computer application of the first device; providing the generated registration secret to an authorized device having an IP address included in the group of authorized IP addresses, wherein, via a second communication medium, a representation associated with the registration secret is provided by the authorized device to the first device, wherein the second communication medium is different than the first communication medium; receiving a token signed by the first device by the generated registration secret; validating the token signed by the first device by the generated registration secret; in response to successfully validating the token, generating a communication secret and associating the communication secret with an identifier associated with the first device; and providing the communication secret for use by the computer application of the first device to access the restricted computer resource.

2. The method of claim 1, wherein the first communication medium comprises a communication channel to an untrusted computer network.

3. The method of claim 1, wherein the restricted computer resource includes an instance of a software platform.

4. The method of claim 1, wherein the first device is a mobile device.

5. The method of claim 1, wherein the computer application is a mobile application configured to communicate with an instance of a software platform.

6. The method of claim 1, wherein the registration secret includes a sequence of alphanumeric characters.

7. The method of claim 1, wherein the second communication medium comprises a communication channel to a trusted computer network.

8. The method of claim 1, wherein the representation includes a machine-readable optical label encoding the registration secret.

9. The method of claim 8, wherein the machine-readable optical label includes a Quick Response (QR) code.

10. The method of claim 1, wherein the representation includes an unencoded text version of the registration secret.

11. The method of claim 1, wherein the representation includes the identifier associated with the first device.

12. The method of claim 1, wherein the token includes the identifier associated with the first device.

13. The method of claim 1, wherein the token includes a timestamp associated with when the token has been sent.

14. The method of claim 1, wherein the token includes a hash value generated based at least in part on the registration secret.

15. The method of claim 1, wherein validating the token includes determining a validation hash value based at least in part on the registration secret and comparing the validation hash value to a token hash value included in the token.

16. The method of claim 1, further comprising receiving a subsequent token signed using the communication secret.

17. The method of claim 16, wherein the subsequent token includes a hash value generated based at least in part on the communication secret.

18. A system, comprising: one or more processors configured to: receive via a first communication medium a request associated with access to a restricted computer resource by a computer application of a first device; determine that the request is provided by the first device having an Internet Protocol (IP) address not included in a group of authorized Internet Protocol (IP) addresses; generate a registration secret for the computer application of the first device; provide the generated registration secret to an authorized device having an IP address included in the group of authorized IP addresses, wherein, via a second communication medium, a representation associated with the registration secret is provided by the authorized device to the first device, wherein the second communication medium is different than the first communication medium; receive a token signed by the first device by the generated registration secret; validate the token signed by the first device by the generated registration secret; in response to successfully validating the token, generate a communication secret and associate the communication secret with an identifier associated with the first device; and provide the communication secret for use by the computer application of the first device to access the restricted computer resource; and a memory coupled to at least one of the one or more processors and configured to provide at least one of the one or more processors with instructions.

19. A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions for: receiving via a first communication medium a request associated with access to a restricted computer resource by a computer application of a first device; determining that the request is provided by the first device having an Internet Protocol (IP) address not included in a group of authorized Internet Protocol (IP) addresses; generating a registration secret for the computer application of the first device; providing the generated registration secret to an authorized device having an IP address included in the group of authorized IP addresses, wherein, via a second communication medium, a representation associated with the registration secret is provided by the authorized device to the first device, wherein the second communication medium is different than the first communication medium; receiving a token signed by the first device by the generated registration secret; validating the token signed by the first device by the generated registration secret; in response to successfully validating the token, generating a communication secret and associating the communication secret with an identifier associated with the first device; and providing the communication secret for use by the computer application of the first device to access the restricted computer resource.
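
The token exchange in claims 1 and 12 to 17, sketched as an added example that is not code from the patent or its assignee: the device proves possession of the registration secret with a keyed hash over its identifier and a timestamp, and the server recomputes and compares that hash before issuing the communication secret. HMAC-SHA256, the 300-second freshness window, single use of the registration secret, and all names (`AccessServer`, `make_token`, `device-123`) are assumptions; the IP allowlist check and the QR hand-off are not modeled.

```python
import hashlib, hmac, secrets, time

MAX_AGE = 300  # seconds a token timestamp stays acceptable (assumed policy)

def make_token(secret, device_id, timestamp):
    """Device side: identifier + timestamp + keyed hash over both."""
    msg = f"{len(device_id)}:{device_id}:{int(timestamp)}".encode()
    digest = hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "timestamp": int(timestamp), "hash": digest}

def _valid(secret, token, now):
    """Recompute the validation hash and compare it to the token hash."""
    try:
        expected = make_token(secret, token["device_id"], token["timestamp"])
        fresh = abs(now - expected["timestamp"]) <= MAX_AGE
        return fresh and hmac.compare_digest(      # constant-time comparison
            expected["hash"].encode(), str(token["hash"]).encode())
    except (KeyError, TypeError, ValueError):
        return False                               # malformed token

class AccessServer:
    def __init__(self):
        self.pending = {}  # device_id -> registration secret awaiting proof
        self.comm = {}     # device_id -> communication secret

    def start_registration(self, device_id):
        """Secret goes to the authorized device, which relays it out of band."""
        self.pending[device_id] = secrets.token_urlsafe(32)
        return self.pending[device_id]

    def complete_registration(self, token, now=None):
        now = time.time() if now is None else now
        secret = self.pending.get(token.get("device_id"))
        if secret is None or not _valid(secret, token, now):
            return None
        del self.pending[token["device_id"]]       # single use (assumption)
        self.comm[token["device_id"]] = secrets.token_urlsafe(32)
        return self.comm[token["device_id"]]

    def verify_request(self, token, now=None):
        """Subsequent tokens are signed with the communication secret."""
        now = time.time() if now is None else now
        secret = self.comm.get(token.get("device_id"))
        return secret is not None and _valid(secret, token, now)

if __name__ == "__main__":
    srv, dev = AccessServer(), "device-123"        # constructed sample identifier
    reg = srv.start_registration(dev)
    comm = srv.complete_registration(make_token(reg, dev, time.time()))
    print(srv.verify_request(make_token(comm, dev, time.time())))
```
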

Classifications

  • H04L63/083 (Primary)

    using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12401639B2 cover?
A request associated with access to a restricted computer resource by a computer application of a device is received via a first communication medium. It is determined that the request is provided by the device with an IP address not included in a group of authorized IP addresses. A registration secret is generated. A representation associated with the registration secret is provided via a seco…
Who is the assignee on this patent?
Servicenow Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/083. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 26, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).