--- On Tue, 1/4/11, Torsten Lodderstedt <[email protected]> wrote: > just to make sure I understood your paper correctly: even > native clients are required to have a backend server > component, which receives the authorization results and > makes it available to the native client?
Yes, a very simple one that responds to an http post request by copying the body of the post to the body of the response. (That could be done, for example, by a simple application-independent Apache module. Apache would be configured to invoke the module for requests that target the redirection uri, and send the response with a media type that is handled by the native client application.) These days every little neighbourhood store as a Web site, so it is safe to assume that the provider of the native client application has one. Francisco
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
