[oauth] Re: Details on OAuth Session Extension?

2009-10-16 Thread John Panzer
A feature I'd also like to have as a consumer is the reverse operation - starting with a broad scope for initial setup, then narrowing scope before storing my secret anywhere other than local memory. On Friday, October 16, 2009, Allen Tom wrote: > > Hi Robert, > > The text in the Yahoo documenta

[oauth] Re: Details on OAuth Session Extension?

2009-10-16 Thread Allen Tom
Hi Pelle, When we built our OAuth implementation, we considered many possible solutions, including solutions very similar to the ones that you described. We even built a few prototypes. However, only after thoroughly investigating all other alternatives, we found that we could not implement OA

[oauth] Re: Details on OAuth Session Extension?

2009-10-16 Thread Allen Tom
Hi Robert, The text in the Yahoo documentation is not factually correct - however it doesn't really matter for client developers who are calling our OAuth protected services. We currently do not allow developers to change the scopes for their consumer keys after we've issued them. The slang t

[oauth] Re: new to oauth

2009-10-16 Thread Robert Winch
Sorry I believe you are correct that the EchoServlet is currently written to only support 3-Legged OAuth. I think by changing the EchoServlet in the following ways it should support 2-Legged. 1) Instead of OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage); Use final OAu

[oauth] Questions about the OAuth spec

2009-10-16 Thread FroMage
Hello, I have some questions relative to the spec: - It appears that the Authorization HTTP header can be used to provide the OAuth parameters even for the parts described in http://oauth.net/core/1.0a#anchor9 Authenticating with OAuth. Is this correct or is that method only used for htt

[oauth] Scaling OAuth providers

2009-10-16 Thread Pelle Braendgaard
I've started a page on the OAuth Wiki specifically with best practices for scaling OAuth providers. The differences between large and small providers are large so I've approached it from both angles. Please add to it. http://wiki.oauth.net/Scaling-OAuth-providers -- http://agree2.com - Reach A

[oauth] Re: Details on OAuth Session Extension?

2009-10-16 Thread George Fletcher
Hi Robert, As I'm sure you've figured out from the extension spec, it allows a Consumer to "upgrade" scopes in a dynamic way based on user consent. This is the model we use at AOL where users can be presented with a consent dialog if they have not yet consented to allow the Consumer to access

[oauth] Re: Details on OAuth Session Extension?

2009-10-16 Thread Pelle Braendgaard
I'm sorry but I can't help thinking that it is wrong putting the scalability burden on your users and not handling it internally. I may be wrong but I think there is little to no support for the Session Extension protocol in any of the libraries. Couldn't a similar system be created without ses

[oauth] Re: new to oauth

2009-10-16 Thread Anuradha Thota
Hi, I am passing accessToken as null now. Even then I get the same exception that token has been expired inside SampleOAuthProvider.getAccessor(). Inside this method, it is checking for tokens and since they are coming as null accessor object is set to null as a result of which we are getting OAuthPr