Another option is to use the OAuth access token and secret as a user identifier, instead of a username. That is, the consumer software doesn't really know who the users are. A web-based consumer might maintain a database of access tokens and secrets, and arrange for users' browsers to send a database key with each request, as a cookie or URL parameter.
This approach won't enable the consumer to recognize that several sessions (e.g. several browsers) belong to the same user, since each session might have a different access token. But for some consumers it doesn't matter: the service provider knows, and that's sufficient. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
