Fire Eagle has some documentation of this pattern that I forgot to include yesterday: http://fireeagle.yahoo.net/developer/documentation/oauth_best_practice
It doesn't need to be done as an OAuth extension because the SPs don't need to do anything, provided that they already support URIs with custom protocols; it just needs to be spread as a best practice. seth On Thu, Jan 1, 2009 at 6:47 PM, Krishna Sankar (ksankar) <[email protected]> wrote: > > That is interesting ... May be a good candidate for an OAuth extension, > which would them popularize the pattern ... > > Cheers > <k/> > > |-----Original Message----- > |From: [email protected] [mailto:[email protected]] On Behalf > |Of Seth Fitzsimmons > |Sent: Thursday, January 01, 2009 4:33 PM > |To: [email protected] > |Subject: [oauth] Re: OAuth in Desktop Application... > | > | > |An alternative that's been gaining ground, particularly with iPhone > |and Android apps (which are more desktop than mobile), is to register > |a custom protocol handler w/ the operating system and use a custom > |oauth_callback url that looks something like > |x-my-great-app://main?oauth_token=<validated request token>. > | > |The only requirement that this has for the SP is to support > |(relatively) arbitrary URIs as oauth_callbacks. > | > |seth > | > |On Thu, Jan 1, 2009 at 8:26 AM, kellan <[email protected]> wrote: > |> > |> In the desktop flow you generally have the consumer display a big > pink > |> button reading, "Thanks, I've authorized you, lets continue" or some > |> such, that the user clicks when they've finished the authorization > |> step with the SP. At which point the Consumer makes its request to > |> the Access Token URL. Other tricks are possible, but they require a > |> fair amount of coordination between the Consumer and the SP. > |> > |> -kellan > |> > |> On Thu, Jan 1, 2009 at 10:12 AM, Nouman Ashraf > |<[email protected]> wrote: > |>> Hi All, > |>> I am going to implement OAuth protocol in my desktop application > |>> (consumer) with a web service(service provider) but i am confused > |that > |>> how service provider redirect user back to consumer with > |authenticated > |>> request token. i.e. how can i get that authenticated request token > |and > |>> come to know in a desktop application that the user get validated > |etc. > |>> etc... > |>> > > |>> > |> > |> > > |> > | > | > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
