On Tue, Jun 22, 2010 at 3:14 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > In OAuth 1.0a, we needed it for the patch. I don't think this needs to be in > the spec because it doesn't help interop. If the server supports such a > scheme, it should document it. It also falls under "previously established > redirection URI" which happens to point at the server.
OK, that makes sense. What about: > Also, this page should put the verification code and the > client state (code and state) in the page title in a standard way such > that the native app can extract them from the window title. WRAP > defined how the title should be formed. Extension? Marius > > EHL > >> -----Original Message----- >> From: Marius Scurtescu [mailto:mscurte...@google.com] >> Sent: Tuesday, June 22, 2010 1:02 PM >> To: Eran Hammer-Lahav >> Cc: OAuth WG (oauth@ietf.org) >> Subject: Re: native app support (was: Next draft) >> >> On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu >> <mscurte...@google.com> wrote: >> > In order to properly support native applications I suggest the >> > following changes: >> > [...] >> > 2. optional redirect_uri (default result page) >> > >> > Some native apps do not have a redirect_uri, as a result two things are >> needed: >> > >> > 2.1 Either make redirect_uri optional or define a standard value that >> > signals that the client does not have such a page. >> > >> > 2.2 The authz server must supply a default result page, if there is no >> > redirect_uri. Also, this page should put the verification code and the >> > client state (code and state) in the page title in a standard way such >> > that the native app can extract them from the window title. WRAP >> > defined how the title should be formed. >> >> Should this also go to an extension? It is not introducing any new >> parameters, >> not sure if it belongs there. OAuth 1 at least defined the "oob" special >> value. >> >> Marius > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth