On Tue, Jun 2, 2009 at 1:28 PM, Justin Richer <[email protected]> wrote: > What would the callback url be? A web server run locally by the app > itself? A web site about the app? You can definitely do it, but I'd > argue that most desktop apps have nothing to call back *to*, since by > their nature they're off-browser.
Here are a bunch of techniques that desktop apps can use to improve the OAuth UX. All of them require callback URLs of one type or another, but most don't require a local web server. http://sites.google.com/site/oauthgoog/oauth-practices/auto-detecting-approval > Interesting, I hadn't thought of that case before. If we give devs a > way around registering for a consumer key, then they all might try to > take it and not bother with the keys in the first place. But I think > in that case you'd want to give the user the same amount of stern > warning that a desktop app with an untrustable key would get. Sure. Maybe you'd identify the consumer by the hostname of the callback URL. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
