It's not necessary to invent a URI scheme. The desktop application can start a simple web server on an ephemeral TCP port, and pass its URL to the service provider, something like oauth_callback=http:// localhost:12345. That way, the service provider and the consumer's operating system need not handle a surprising URI scheme. It's just HTTP. For example, see http://oauth.googlecode.com/svn/code/java/example/desktop/src/main/java/net/oauth/example/desktop/DesktopAccessor.java
Can you all help refine this technique? I noticed two problems on Windows: * The consumer neglects to close the browser window or tab that it opened to enable the user to authorize (via the service provider's web site). So the desktop is cluttered with a surplus window or tab. I don't know how a desktop application can open and later close a browser window. onLoad="window.close();" doesn't work very well. * If the user closes the browser window or tab without indicating a decision about authorization, the consumer stalls (awaiting a callback that will never come). Is there some JavaScript fu that could send a message to the consumer in this case, so it can respond appropriately? On Jan 2, 9:02 am, John Panzer <[email protected]> wrote: > I thought this worked well in the Pownce demo last year. There does > seem to be controversy about its usability; if someone wants to try this > out and provide data on any issues they find with real users that would > be worth a dozen extension specs. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
