Re: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10

Andrea Reginato <andrea.reginato@gmail.com> Thu, 04 November 2010 00:31 UTC

On Tue, Nov 2, 2010 at 2:55 PM, Olivier POITREY <rs@dailymotion.com> wrote:

> Hi David,
>
> Thank you for adding us. The implementation was straightforward, and the
> current draft of the spec is clear and easy to read. The only place where we
> had to adapt a bit was the "insufficient scope" error reporting: our API
> supports multiple method calls per request, and returning a global error if
> only one had insufficient scope wasn't very helpful for the developers. We
> solved this by simply handling insufficient scope errors at the API level.
>

Hi Olivier, I was reading the doc and I wanted to send my greetings.

These days I'm reading several dev docs related to OAuth2 (spec and
provider services) and I have one question I'm not able to find a solution to.
In the User Agent flow, I understand the flow cycle pretty well, but I can't
understand whether it can really be used, or whether it is dangerous because
of security problems.

Since you are one of the few providing this flow, I wanted to ask
your opinion about it. If you also have some documentation, I would love to get
more in touch with the low-level details.

-- 
Andrea Reginato