IETF Logo Mail Archive

Re: [OAUTH-WG] OAuth2 and clients without browsers

Eran Hammer-Lahav <eran@hueniverse.com> Tue, 26 July 2011 17:06 UTC

Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E54B521F886A for <oauth@ietfa.amsl.com>; Tue, 26 Jul 2011 10:06:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.557
X-Spam-Level:
X-Spam-Status: No, score=-2.557 tagged_above=-999 required=5 tests=[AWL=0.041, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHuS7BRFHWF5 for <oauth@ietfa.amsl.com>; Tue, 26 Jul 2011 10:06:46 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by ietfa.amsl.com (Postfix) with SMTP id 225B621F8510 for <oauth@ietf.org>; Tue, 26 Jul 2011 10:06:45 -0700 (PDT)
Received: (qmail 1681 invoked from network); 26 Jul 2011 17:06:45 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.19) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 26 Jul 2011 17:06:45 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT001.EX1.SECURESERVER.NET ([72.167.180.19]) with mapi; Tue, 26 Jul 2011 10:06:34 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Andrew Arnott <andrewarnott@gmail.com>
Date: Tue, 26 Jul 2011 10:06:29 -0700
Thread-Topic: [OAUTH-WG] OAuth2 and clients without browsers
Thread-Index: AcxLtl9K+aUi2WHKRfCMpkAuoJ6V3w==
Message-ID: <2CF72C45-5E9C-4FEA-9B4B-E9DAB3C1AC91@hueniverse.com>
References: <CAE358b7heXa_Arp48H=54-A73kHMx5mmCU_GaXfwEQEkb0aZRw@mail.gmail.com> <CAE358b5ooYa_aTozz3aswcB8Ch2KSyXyqog7x6j+sdS=P=G8fQ@mail.gmail.com>
In-Reply-To: <CAE358b5ooYa_aTozz3aswcB8Ch2KSyXyqog7x6j+sdS=P=G8fQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_2CF72C455E9C4FEA9B4BE9DAB3C1AC91hueniversecom_"
MIME-Version: 1.0
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth2 and clients without browsers
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 17:06:47 -0000

I believe Google is working on a proposal for an oob URI value to use as the redirection URI.

EHL

On Jul 26, 2011, at 9:18, "Andrew Arnott" <andrewarnott@gmail.com<mailto:andrewarnott@gmail.com>> wrote:

Trying a different DL...

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


On Wed, Jul 20, 2011 at 6:38 AM, Andrew Arnott <<mailto:andrewarnott@gmail.com>andrewarnott@gmail.com<mailto:andrewarnott@gmail.com>> wrote:
The recent OAuth 2 specs seem to omit the scenario of a client that cannot host or invoke a browser but could display a URL to the user and ask the user to enter a PIN.  Was this an intentional omission?  If I am correct, this forces those clients to continue to use OAuth 1.0, which is not only less desirable but it will limit which services they can access.

Thoughts?
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email