[Not cross posting to OpenID] First, you need to separate OpenID from OAuth. OpenID is a federated web authentication protocol and service. OAuth is an HTTP authentication method for delegated access. It is true that both use (in the current form) browser redirections but they way you will be able to circumvent that would be different (if at all possible) in each case.
A few examples for alternative flows for OAuth are discussed here [1]. The key is to find the most appropriate way to obtain a set of token credentials on the platform you are used. You might want to take a look at how NetFlix is doing it on the Xbox, but they perform a flow that involves entering a number form the TV screen (where data entry is hard) into a browser. They can get away with requiring a browser at all because their entire service depends on the browser. If you want to add a movie to your Xbox queue, you have to go on the web anyway. Once you have a set of token credentials, you use OAuth as specified in Core 1.0. EHL [1] http://www.hueniverse.com/hueniverse/2009/02/beyond-the-oauth-web-redirection-flow.html On 4/10/09 11:47 AM, "David Recordon" <[email protected]> wrote: Hey Kamal, I'm forwarding your email to both the OpenID General and OAuth mailing lists. Cheers, --David Begin forwarded message: From: Kamal Mehta <[email protected]> Date: April 10, 2009 12:30:31 AM PDT To: [email protected] Subject: [OpenID board] Question on implementation of OAUTH/OpenID for Set-top-box Reply-To: [email protected] Hi, We are evaluating the integration of OpenID/OAUTH for our clients so that there could be a seamless user experience of Authentication on Playstation/Set-top-box. In due course we investigated it a bit and found that OpenID/OAUTH 2.0 follows a redirection model FROM Relying Party TO OpenID Provider through the UserAgent, which happens to be browser in all example implementation we have seen. We have quick question, As described we are using Blue-Ray players which lacks the ability of having state-of-the-art browsers, is there any possibility of implementing OpenID and OAUTH w/out going thru browser route of redirection, such as any direct API call to get an authentication of user? Is it even feasible? Are there any implementations done for Set-Top-Box by any other company we could leverage some design discussions? Appreciate your early response. Thanks in advance. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
