Ok, so I understand the general flow of OAuth and have used it to connect to services just fine. What I'm wondering is if there is any plan or standard method for utilizing OAuth as a login strategy for sites that depend entirely on the OAuth provider for service (i.e. Twitter-based applications).
I understand that I can initiate the request, authorize, access path each time the user logs in to an application, but that requires the "allow" screen in addition to the login screen. What I'm wondering is if there is a flow that can essentially 'reconfirm' an access token. Here's how I imagine it working: 1) User grants access using standard OAuth procedure, access token is stored in application as primary user identifier. 2) User logs out, closes browser, whatever. 3) User comes back and wants to log in. 4) App sends them to an oauth URL with the consumer key and secret, no other information is required. 5) OAuth providing website prompts a login. 6) If the given user has an access token for that application, send a callback with the token to 'remind' the app who this user is. No extra 'allow access' step required since the provider is simply saying "here's the access key for this user and this consumer." 7) User is logged into application through external OAuth mechanism! This seems to me to be a natural and small extension to the OAuth process and one which would yield substantial benefits for API- dependent applications and providers alike. What I'm asking is: does something like this exist? OpenID is obviously another solution but I want people to be able to log in to (for example) my Twitter app using their Twitter credentials without me ever knowing their password. Again, I've used OAuth a bit but I'm relatively new so let me know if I'm missing something obvious. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
