I thought this worked well in the Pownce demo last year. There does seem to be controversy about its usability; if someone wants to try this out and provide data on any issues they find with real users that would be worth a dozen extension specs.
Seth Fitzsimmons wrote: > Fire Eagle has some documentation of this pattern that I forgot to > include yesterday: > http://fireeagle.yahoo.net/developer/documentation/oauth_best_practice > > It doesn't need to be done as an OAuth extension because the SPs don't > need to do anything, provided that they already support URIs with > custom protocols; it just needs to be spread as a best practice. > > seth > > On Thu, Jan 1, 2009 at 6:47 PM, Krishna Sankar (ksankar) > <[email protected]> wrote: > >> That is interesting ... May be a good candidate for an OAuth extension, >> which would them popularize the pattern ... >> >> Cheers >> <k/> >> >> |-----Original Message----- >> |From: [email protected] [mailto:[email protected]] On Behalf >> |Of Seth Fitzsimmons >> |Sent: Thursday, January 01, 2009 4:33 PM >> |To: [email protected] >> |Subject: [oauth] Re: OAuth in Desktop Application... >> | >> | >> |An alternative that's been gaining ground, particularly with iPhone >> |and Android apps (which are more desktop than mobile), is to register >> |a custom protocol handler w/ the operating system and use a custom >> |oauth_callback url that looks something like >> |x-my-great-app://main?oauth_token=<validated request token>. >> | >> |The only requirement that this has for the SP is to support >> |(relatively) arbitrary URIs as oauth_callbacks. >> | >> |seth >> | >> |On Thu, Jan 1, 2009 at 8:26 AM, kellan <[email protected]> wrote: >> |> >> |> In the desktop flow you generally have the consumer display a big >> pink >> |> button reading, "Thanks, I've authorized you, lets continue" or some >> |> such, that the user clicks when they've finished the authorization >> |> step with the SP. At which point the Consumer makes its request to >> |> the Access Token URL. Other tricks are possible, but they require a >> |> fair amount of coordination between the Consumer and the SP. >> |> >> |> -kellan >> |> >> |> On Thu, Jan 1, 2009 at 10:12 AM, Nouman Ashraf >> |<[email protected]> wrote: >> |>> Hi All, >> |>> I am going to implement OAuth protocol in my desktop application >> |>> (consumer) with a web service(service provider) but i am confused >> |that >> |>> how service provider redirect user back to consumer with >> |authenticated >> |>> request token. i.e. how can i get that authenticated request token >> |and >> |>> come to know in a desktop application that the user get validated >> |etc. >> |>> etc... >> |>> > >> |>> >> |> >> |> > >> |> >> | >> | >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
