Hi,
we are implementing a service that will allow users to sign in using their
account on an external OAuth 2.0 provider (a certain well-known social
network). But there is a twist: my service consists of a mobile app and
a web service. The mobile app needs to authenticate its user to the app

Though not OAuth 2.0 - the scenario you're describing sounds very close to
that of an OpenSocial gadgets implementation - whereby the OpenSocial
container (which would be analogous to your App Server) can handle relaying
requests to a 3rd party API secured via OAuth - in which case it is both an

FYI folks,
I renamed the draft to draft-hardjono-oauth-dynreg-00.txt for consistency with
IETF naming of drafts.
/thomas/
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : OAuth Dynamic Client Registration

The way we do it is by having the user authenticate through the mobile app with
the app server (using an embedded browser). The app server presents the
Facebook/Twitter/Yahoo login buttons and handles the authentication. After
that, the app server issues the mobile app its own access token and

Photobucket does this with both OAuth1 (twitter) and OAuth2/WRAP (facebook,
msn messenger) services.
In the mobile app, user auths with Photobucket. To connect to the external
provider service, user is redirected to Photobucket to start up a session,
then to the provider service to authorize

Thank you all for your advice, that was very helpful. The general
pattern seems to be similar to what I had in mind.
It would really help to have this documented properly. I would think it
is an increasingly common scenario.
Cheers,
Marcus