Could you explain how the token fragment is removed between step C and
D in the user agent profile ?
I don't understand how the http redirect request can be modified by
the user agent
On Wed, Jul 14, 2010 at 7:58 AM, Naitik Shah n...@daaku.org wrote:
Thanks! That sounds great.
On Tue, Jul
On Tue, Jul 13, 2010 at 9:42 AM, David Recordon record...@gmail.com wrote:
That strikes me as very odd - returning some params in the query, and
others in the fragment is just weird.
I actually think that you want this – albiet odd – combination when
requesting both a code and token. The code
Isn't that better overall than requiring the browser to make another HTTP
request to pass the code over?
EHL
On 7/13/10 11:17 AM, Brian Eaton bea...@google.com wrote:
On Tue, Jul 13, 2010 at 9:42 AM, David Recordon record...@gmail.com wrote:
That strikes me as very odd - returning some
I don't claim to fully grok what the current state of the various
proposals are regarding the user agent flow, but fundamentally,
shouldn't we be aiming to replicate what Twitter and Facebook are
already doing?
We've already moved towards JSON as a standard format, why not go all
the way and
On Tue, Jul 13, 2010 at 11:53 AM, Blaine Cook rom...@gmail.com wrote:
I don't claim to fully grok what the current state of the various
proposals are regarding the user agent flow, but fundamentally,
shouldn't we be aiming to replicate what Twitter and Facebook are
already doing?
Yes. They
On Tue, Jul 13, 2010 at 11:17 AM, Brian Eaton bea...@google.com wrote:
On Tue, Jul 13, 2010 at 9:42 AM, David Recordon record...@gmail.com
wrote:
That strikes me as very odd - returning some params in the query, and
others in the fragment is just weird.
I actually think that you want
Thanks! That sounds great.
On Tue, Jul 13, 2010 at 3:00 PM, Eran Hammer-Lahav e...@hueniverse.comwrote:
This is clearly a third flow - hybrid (of user-agent and web-server) - and
not just a variant of the user-agent flow. It should be presented with its
own flow diagram and description. I
The problem with the original 'type' parameter and the flows in general is that
they tried to address a specific use case and then got expanded (or overloaded)
with other use cases. The user-agent and web-server flows became the foundation
of native applications, and there were people
The draft 9 spec has no efficient way for a javascript client to
request a verification code. The spec creates extra client-to-server
round trips. There is also some inaccurate description of the
properties of the profile. The problems are located in section 1.4.2:
There is no user-agent flow anymore. There is a profile (of the generic
endpoints described in the rest of the spec). Draft -09 added the ability to
get both an authorization code and an access token. Your description makes it
sound like draft -09 broke something when it was never proposed that
On Sat, Jul 10, 2010 at 9:05 PM, Eran Hammer-Lahav e...@hueniverse.com wrote:
There is no user-agent flow anymore.
Yeah. That's a bug. =(
The request was to allow it to
obtain both when using a web-based component together with the user-agent.
Right, this didn't use to be possible, but
11 matches
Mail list logo