On 1 Nov 2010, at 13:19, Bryan Sullivan <[email protected]> wrote:
> Hi, > Can anyone point to an example of how to use HTTP redirect-based protocols > such as OAuth with widgets? There seem to be issues with the use of these > protocols due to the difference between widgets and browser-based webapps, in > particular with the two aspects: > widgets cannot access network resources unless an access request/dependency > to the domain is declared per the WARP spec. Thus any domain that is to be > used in a redirect-based protocol needs to be known up-front and explicitly > included per WARP. > for widgets, there is no “origin” or at least “base” that can be used in a > redirect-based protocol. All that widgets could expose for redirect purposes > are relative URIs for their resources. Thus redirect protocols/designs in > which one widget page makes a request which is intended to result in a > redirect to another widget page, will not work > > An example of how to do this for widgets, e.g. a Twitter-enabled widget (as > Twitter uses OAuth) would be very helpful. > > It does seem that applications using XHR for this (as compared to web > links/anchors etc) would/should be in total control of the operation of XHR, > but they would need to handle all HTTP requests and responses (including > redirects). .... That's probably where XHR reaches its limit: redirects are thought to be transparent to XHR > > Apologies in advance if this request is not clear from a technical > perspective. > > Bryan
