Anders Feder wrote:
If I'm not mistaken, OAuth requires the user to approve the
authentication request in her browser, which is an interactive action.

This is true, but this only needs to be done when obtaining an access token, which can be used potentially forever without further interaction from the user.

And of course any number of extensions could be created to obtain an access token via an alternate path, after which normal OAuth can be used.

Joseph Holsten pointed me to Appendix A of the OAuth specification for
an example. In step A.3, "The Consumer redirects Jane’s browser to the
Service Provider User Authorization URL to obtain Jane’s approval for
accessing her private photos."

Also, OAuth appears to be more about authorization (to access a remote
resource) than about authentication.

Is there any way to operate either OpenID or OAuth entirely

Tue, 15 07 2008 at 08:38 -0700, Scott Kveton wrote:
Hi Anders,

You might want to check out OAuth ... it was developed for just such a

- Scott

On Tue, Jul 15, 2008 at 4:20 AM, Anders Feder <[EMAIL PROTECTED]> wrote:

There has been some discussion over the years about using OpenID for
non-interactive logins. Can someone kindly tell me what the status is of
this feature? In particular login from non-browser applications - is
this currently possible (e.g. using client certificate authentication)?

Anders Feder <[EMAIL PROTECTED]>

specs mailing list
