On Tue, Jun 22, 2010 at 3:14 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> In OAuth 1.0a, we needed it for the patch. I don't think this needs to be in 
> the spec because it doesn't help interop. If the server supports such a 
> scheme, it should document it. It also falls under "previously established 
> redirection URI" which happens to point at the server.

OK, that makes sense.

What about:
> Also, this page should put the verification code and the
> client state (code and state) in the page title in a standard way such
> that the native app can extract them from the window title. WRAP
> defined how the title should be formed.

Extension?


Marius

>
> EHL
>
>> -----Original Message-----
>> From: Marius Scurtescu [mailto:mscurte...@google.com]
>> Sent: Tuesday, June 22, 2010 1:02 PM
>> To: Eran Hammer-Lahav
>> Cc: OAuth WG (oauth@ietf.org)
>> Subject: Re: native app support (was: Next draft)
>>
>> On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu
>> <mscurte...@google.com> wrote:
>> > In order to properly support native applications I suggest the
>> > following changes:
>> > [...]
>> > 2. optional redirect_uri (default result page)
>> >
>> > Some native apps do not have a redirect_uri, as a result two things are
>> needed:
>> >
>> > 2.1 Either make redirect_uri optional or define a standard value that
>> > signals that the client does not have such a page.
>> >
>> > 2.2 The authz server must supply a default result page, if there is no
>> > redirect_uri. Also, this page should put the verification code and the
>> > client state (code and state) in the page title in a standard way such
>> > that the native app can extract them from the window title. WRAP
>> > defined how the title should be formed.
>>
>> Should this also go to an extension? It is not introducing any new 
>> parameters,
>> not sure if it belongs there. OAuth 1 at least defined the "oob" special 
>> value.
>>
>> Marius
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to