In OAuth 1.0a, we needed it for the patch. I don't think this needs to be in the spec because it doesn't help interop. If the server supports such a scheme, it should document it. It also falls under "previously established redirection URI" which happens to point at the server.
EHL > -----Original Message----- > From: Marius Scurtescu [mailto:mscurte...@google.com] > Sent: Tuesday, June 22, 2010 1:02 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: native app support (was: Next draft) > > On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu > <mscurte...@google.com> wrote: > > In order to properly support native applications I suggest the > > following changes: > > [...] > > 2. optional redirect_uri (default result page) > > > > Some native apps do not have a redirect_uri, as a result two things are > needed: > > > > 2.1 Either make redirect_uri optional or define a standard value that > > signals that the client does not have such a page. > > > > 2.2 The authz server must supply a default result page, if there is no > > redirect_uri. Also, this page should put the verification code and the > > client state (code and state) in the page title in a standard way such > > that the native app can extract them from the window title. WRAP > > defined how the title should be formed. > > Should this also go to an extension? It is not introducing any new parameters, > not sure if it belongs there. OAuth 1 at least defined the "oob" special > value. > > Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
