Where's the latest specification of two-legged OAuth? The last one I
saw was
http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/2/spec.html
But I wonder if there's a newer one. At IETF, perhaps?
--
You received this message because you are subscribed to the Google Groups
You might find it helpful to add some diagnostic information to the
response; for example http://oauth.pbworks.com/ProblemReporting
--
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To
Hi Vinod,
Much Appreciated if you pls provide us with the sample Java code to
get the Yahoo Contacts using Yahoo Contacts API.
Thanks
Anil
On Feb 13, 10:51 pm, Vinod facebook vinod.faceb...@gmail.com wrote:
Hi,
I dunno how oauth in javascript works. I implemented oauth in
Java
I've finally mastered OAuth! I think that someone not integrally tied
to the OAuth project should write a tutorial about it - someone
unencumbered by the history of the project that can focus on just what
you need to know. The biggest problem for me was reading the spec
which just didn't present
I'm building an oAuth app that integrates with Contacts, and Gmail and
everything is working correctly, except that the oAuth access tokens
that I'm generating seem to only last 1 day.
I was under the impression that oAuth access tokens should last
indefinitely as long as they are not revoked by
We currently use CAS for SSO. I'd like to have SSO into gmail, but do
not want to switch to OpenID. Is it possible to use OAuth to login
users into their gmail accounts? Or is OAuth only meant to retrieve
user data?
I am currently using SignPost to connect to OAuth... if it matters.
Thanks.
Token duration is a policy decision. Each site decides on what they will
grant. For example at LinkedIn we give the user the option of one day, one
week, one year, or until revoked. To help partners we are planning on
adding some of the OAuth
OAuth can be used as a bastardized mechanism to do SSO, but it's not really
recommended.
OAuth only provides you with tokens, which could later be revoked,
effectively destroying the identity that you're relying on.
OpenID is the preferred way to achieve SSO because it provides you with a
If a site has an api that returns a stable user identifier then OAuth can
work fine as an SSO. I wouldn't go so far as to call it bastardized..
The big difference between OpenID and OAuth is the idiom used. OpenID is
designed to not require prior registration for use -- multiple relying
parties
This is worth exploring further at the next OpenID Summit (assuming there is
interest). RPs that we talk to have overlapping use cases and it's not fair
to their developers to have completely independent SDKs (different signing
mechanism, on boarding process etc).
-Ashish
Agreed. There's a bunch of interesting things that could be done to
bring OpenID and OAuth closer together.
On Fri, Mar 26, 2010 at 7:15 PM, Ashish Jain iti...@gmail.com wrote:
This is worth exploring further at the next OpenID Summit (assuming there is
interest). RPs that we talk to have
I do agree with that. But it is important to recognize where each came
from, and what problems each respectively sought to address.
Narrowing the divide between the two and making it easier to use both
together is something I'm absolutely in favor of.
Sent from my iPhone 2G
On Mar 26,
12 matches
Mail list logo
