Mike,

If you are new to OAuth, I suggest you play with the OAuth Java Library in a servlet without JAX-RS first so you can use the examples provided. You may come to the conclusion that JAX-RS isn't the right technology for this, like we did. JAX-RS may buy you something if you plan to use WADL.
Ping me back if you still want the details of integration.

John,

I really like your idea of not using the consumer secret on the client. This way, it's very clear which part of the OAuth flow is not protected, so people don't make false assumptions. A bigger risk than a malicious app on the phone is a malicious web page which can pretend to be the consumer and hijack the OAuth flow. It may be a good idea for the service provider to check the user-agent and honor requests from iPhone only.

Zhihong
