Good deal. Thanks all for the discussion. -- Steven
On Sat, Dec 4, 2010 at 2:31 PM, Rick Cobb <[email protected]> wrote: > > > On Sat, Dec 4, 2010 at 11:44 AM, Steven Cummings <[email protected]>wrote: > >> On Dec 4, 12:57 pm, Rasmus Lerdorf <[email protected]> wrote: >> > Your 3-legged issue is very standard practice, is it not? A user will >> > authorize a client app to act on her behalf. Once that authorization >> > has been granted her presence is irrelevant. If she no longer wants to >> > allow the app to act on her behalf she can revoke the access token. >> > >> >> Yes, I thought this was very straightforward too. The question was >> more generally, outside of the redirect scenarios described in the >> spec are there any other common mechanisms for this "async" situation. >> It's not just that the user doesn't always have to be there (duh), but >> is it inappropriate for the user to proactively provide the grant for >> the OAuth consumer to "pick up" and user later? I.e., is it >> appropriate to decouple their temporal proximity at the oauth provider >> altogether? >> >> AFAICT, that's a key use-case for OAuth. Just tell the user how long the > authorization is for at the authorization stage -- a minute or a millenium > is "OK". To extend the canonical example, this would let you schedule a > nightly backup of your pictures from one site to another. > > -- ReC > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] <oauth%[email protected]>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
