. Right now, we need to support only V1.
I am asking this question because I could not clearly find the answer.
Is OAuth 2.0 finalized yet?
I saw that FaceBook is supporting OAuth 2.0, thats why I am curious.
On 05/27/2010 06:33 PM, Paul Lindner wrote:
Nothing is available as of yet.
http
Nothing is available as of yet.
http://wiki.apache.org/incubator/AmberProposal
includes OAuth 2.0 in it's charter, but it's just getting started.
On Tue, May 25, 2010 at 12:40 PM, lasanthak lasant...@gmail.com wrote:
Hi,
I am going to use the OAuth Java implementation for one of our
The method is there to prevent request tampering. For example a man in the
middle could alter a GET request into a DELETE request and the signatures
would still match.
On Mon, May 3, 2010 at 7:19 AM, Carlos carlos.crose...@gmail.com wrote:
Hi experts, what is the purpose of having the GET/POST
The OAuthDataStore class is intended to be a simple data store for oauth keys
and secrets. SampleOAuthDataStore implements a simple version of this using
json data in-memory.
On Apr 14, 2010, at 12:25 PM, rajender reddy wrote:
Hi All,
My name is Rajender and I work with Cisco. I got an
sure that was solved?
I should have said that is the only *JAVA* library that works out of
the box, my bad. And that's assuming that SignPost has not fixed the ~
thing.
Thanks a lot for your reply!
On Apr 8, 2:52 am, Paul Lindner lind...@inuus.com wrote:
Hi Pablo,
I
Hi Pablo,
I cannot edit the code page, but I can edit the wiki. I added LinkedIn
thereto the list of implementations.
Also for java the latest signpost seems to work fine, and other clients in
other languages are getting the job done.
On Wed, Apr 7, 2010 at 7:24 PM, Pablo Fernandez
Token duration is a policy decision. Each site decides on what they will
grant. For example at LinkedIn we give the user the option of one day, one
week, one year, or until revoked. To help partners we are planning on
adding some of the OAuth
If a site has an api that returns a stable user identifier then OAuth can
work fine as an SSO. I wouldn't go so far as to call it bastardized..
The big difference between OpenID and OAuth is the idiom used. OpenID is
designed to not require prior registration for use -- multiple relying
parties
The spec is largely silent on how the service provider notifies the consumer
that the user denied access. A possible solution would be to pass OAuth
Problem Reporting values (http://oauth.pbworks.com/ProblemReporting) to the
callback URL and without a verifier, like this:
FYI - many OAuth implementations, including ours at LinkedIn, use
frame-busting javascript to insure that the authorization form is not
iframed. The LinkedIn terms of service (and many others) also stipulate
that the URL bar must be visible and the authorization form must not be
iframed.
On Mon,
The technique described here may help with hard timeouts:
http://mrfeinberg.com/blog/archives/16.html
On Fri, Jul 24, 2009 at 5:15 AM, Mariusz mariusz...@gmail.com wrote:
Hi
Could someone tell me how I can set timeout for
OAuthClient.getRequestToken() in Java? I have already tried
Hi,
Recently a colleague who is starting an implementation of OAuth asked me
many questions about the design rationale of many of the steps involved in
the OAuth protocol. I found a number of mailing list threads discussing the
importance of each step and why it is present. If there's interest I
you should send this request to platform-h...@hi5.com
regards
Paul
(ex-hi5)
On Thu, Jun 11, 2009 at 10:18 AM, andres andres...@gmail.com wrote:
Hi
I tried to use a stored acces token with a token secret in hi5 but it
returns a invalid token authentication.
Is a problem of time expiration?
13 matches
Mail list logo