Hi Blaine, The auth experience for the Flickr iPhone app is exactly the right way to do things. No one would be happier than me if all mobile apps used an Auth UX like the Flickr iphone app.
Unfortunately, we have business partners which explicitly are writing into their contracts that they do not want a browser based auth experience for their client apps. I'm mystified by their demands but that's what the partners want. We have already tried to convince them that a browser based auth can be pretty nice, but they still want a direct auth UX, and since they're demanding a direct client login interface, we have to comply. It would be great if Service Providers can provide multiple ways for consumers to get an Access Token. The browser dance defined in OAuth 1.0a can be one way to do it, and perhaps alternate way would be to just pass the username/password/consumer_key. Contrary to James' point, I believe that it's a good idea to encourage client apps to voluntarily exchange the user's password for a less powerful credential. Allen Blaine Cook wrote: > > I'd love to see some data on adoption of the Flickr > iPhone app; it does the "right" thing security-wise and does not ask > for a username / password, even though it's the native Flickr app > running on a highly controlled platform (and therefore presumably > quite trustworthy). It redirects to Yahoo!'s login page (which > admittedly could be more optimized for mobile browsers), and I get to > see my sign in badge and everything. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
