One of the challenges we're running into from an implementation standpoint is having the ability for a Client developer to tell the Authorization Server if they're looking for a popup, full page redirect, mobile experience, or no user interface for the times when a user is being sent through an authorization flow. We're thinking that an additional "display" parameter would be useful within the Web Client and Web Server flows. Values would include none, page, popup, and mobile.
none - Mainly for the Web Client profile. The Authorization Server should return an immediate response either as an error or an access token if the user has already authorized the Client and has a current session. popup - The Client is intending to display the Authorization Server's user authorization flow within a popup window. Negotiating size seems reasonable to exclude from scope for now. page - The Client is redirecting the user's browser to a page on the Authorization Server. (This is probably the default and could be unneeded.) mobile - Force a mobile experience instead of the normal full page. Most Clients will never need to use this parameter because it will automatically work using the standard OAuth redirect, but developers can override it and it's needed in the Web Client flow. --David _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
