> Hi Justin - > > Nice, thoughtful e-mail. A few questions inline. > > On Wed, May 27, 2009 at 10:46 AM, Justin Richer <[email protected]> wrote: > > Whatever keywords are chosen to fill the role [of identifying desktop > > apps], this set > > would have an implicit callback URL of "oob" > > You lost me here. Lots of desktop apps are going to want callback URLs.
What would the callback url be? A web server run locally by the app itself? A web site about the app? You can definitely do it, but I'd argue that most desktop apps have nothing to call back *to*, since by their nature they're off-browser. > > Are there other considerations that are unique to the heavy client > > environment? > > Web application authors hate registration, and will cheerfully use > keys that were published with desktop applications. Any functionality > that we provide to improve the user and developer experience for > desktops will also be used in the web app space. You might want to > consider how some of the extensions you've proposed would be used by > web developers. Interesting, I hadn't thought of that case before. If we give devs a way around registering for a consumer key, then they all might try to take it and not bother with the keys in the first place. But I think in that case you'd want to give the user the same amount of stern warning that a desktop app with an untrustable key would get. -- justin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
