I still maintain that this works fine for knowledgeable web dev folks (who seem to be the people who get excited about OAuth), but *will* confuse users who don't understand the tech involved, and/or aren't comfortable jumping between apps. In addition, the process becomes even more problematic with apps that don't run on a modern windowing platform (like CLIs, mobile devices, and the like).
If you have hard numbers from usability studies that prove my suspicions unfounded, that would be *great*. I'd love to be wrong. -- Ed Finkler http://funkatron.com AIM: funka7ron ICQ: 3922133 Skype: funka7ron On Feb 9, 4:12 pm, Blaine Cook <[email protected]> wrote: > OAuth was designed with explicit desktop application support in mind. > To see how it works in practice, try using a desktop Flickr Uploader > or iMovie's YouTube integration. > > Normally your app will open a browser window (all modern environments > do this seamlessly) and ask the user to authorize the application. > Once they've done that, they should be told to go back to the > application (close the browser window) and continue the setup process > (usually by just clicking "Continue" or OK so that the desktop app > knows that it's OK to exchange the request token for the access > token). > > b.
