On Tue, May 19, 2009 at 6:01 PM, Evert Pot <[email protected]> wrote:
> > Dear list, > > I'm tasked with designing a new developer api for our application. > Part of this is coming up with an authentication scheme. I've looked > into OAuth, and I would like to know if OAuth is right for me, because > it doesn't exactly address the standard OAuth scenario. > > To explain our application in a nutshell, we host community sites. The > developers accessing our site are not end-users, but businesses > licensing our application. These clients currently get an secret token > (api key) which gives them unrestricted access to all data and users > within their application. > > This API access needs to be secure, but does not require explicit > permission by the end-users (or even implicit ;) they can just do > whatever they want..). > > For this scenario, would it make sense to use OAuth? How would OAuth > work if there is no end-user to allow permission? Yep, this is the so-called "two legged" scenario, with an empty access token and secret (just a Consumer Key and secret). It works fine. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
