That's the same as what I have in the draft, only with a single endpoint instead of two. Since we already have a 'mode' parameter (which I am renaming to 'type'), that single endpoint can speak more than one flow.
EHL On 4/6/10 12:37 AM, "Brian Eaton" <[email protected]> wrote: On Tue, Apr 6, 2010 at 12:13 AM, Eran Hammer-Lahav <[email protected]> wrote: > Yep. I'm trying to remove the need for a more complex discovery. Not sure we need to do anything, discovery is pretty simple already. We've been talking a bit about how to enable OAuth for IMAP: http://tech.groups.yahoo.com/group/sasl_oauth/. Here's the rough flow: 1) The hostname of the IMAP server to talk to magically appears. Maybe the user enters it. 2) Client queries the IMAP server. 3) IMAP server points at the OAuth WRAP endpoints. 4) Client opens a browser to get user approval using the rich client flow. 5) Client saves the refresh token instead of the user's password. Ideally the same SASL mechanism would work for XMPP. Cheers, Brian
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
