On Tue, Jul 13, 2010 at 11:53 AM, Blaine Cook <rom...@gmail.com> wrote: > I don't claim to fully grok what the current state of the various > proposals are regarding the user agent flow, but fundamentally, > shouldn't we be aiming to replicate what Twitter and Facebook are > already doing?
Yes. They are passing all variable parameter on URL fragments. Other types of cross-domain messaging (e.g. window.postMessage) aren't widely deployed enough to rely on exclusively. Yet. Give it a few more years. > We've already moved towards JSON as a standard format, why not go all > the way and mandate either JSONP or CORS support, and explicitly build > around a Javascript-centric model (since that's really what we're > talking about, and that's what is deployed today). jsonp won't work for this use-case, it ends up requiring an extra client-to-server round trip. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth