Not all providers will let you register non (verified) HTTP callback URIs. While it is a pretty useful hack, especially in devices such as the iPhone where only a single application can occupy the screen at a time, it can pose a security threat. If you are going to use this method, make sure that calling your application in this way cannot be abused by others posting such links in other websites.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Ben Ward > Sent: Saturday, February 21, 2009 7:25 PM > To: [email protected] > Subject: [oauth] Re: OAuth-like user experience examples > > > On 21 Feb 2009, at 11:09, Chris Messina wrote: > > >> I also see this more as a problem for e.g. the iPhone where you > >> usually > >> need to close the application in order to jump to safari. This is > >> not such a > >> problem on the desktop and (as you demonstrate) has been done for > >> quite a > >> while with flickr. > >> > > > > Pownce actually did this, and I don't think that the experience was > > all that > > bad: > > > > https://wiki.oauth.net/OAuth-for-Pownce-on-iPhone > > > > With using custom protocol handlers, you can make the experience > quite > > smooth actually. Confining the user to the task at hand is a bit > > harder, but > > it's not impossible to handle the case where the user never completes > > authentication. > > We documented some of that in the Fire Eagle documentation that Blaine > already linked. In fact, you can register x-application:// protocol > handlers is usable on all modern OS's; so the technique could be used > on the desktop to skip the 'Now press OK' prompts we have in existing > desktop auth, not just iPhone. (URL for that doc again is: > http://fireeagle.yahoo.net/developer/documentation/oauth_best_practice) > > Also in the iPhone space, the new GetSatisfaction app has a beautiful > diagrammatic explanation for the Quit -> Safari -> Reopen behaviour, > see: http://micro.cjmart.in/post/80075323/ > > Ben --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
