Re: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10

Andrea Reginato <> Thu, 04 November 2010 00:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 02D9C3A6909 for <>; Wed, 3 Nov 2010 17:31:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NA8CuZ1NYV7F for <>; Wed, 3 Nov 2010 17:31:50 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id DCA2F3A68EC for <>; Wed, 3 Nov 2010 17:31:49 -0700 (PDT)
Received: by wwb13 with SMTP id 13so61965wwb.13 for <>; Wed, 03 Nov 2010 17:31:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=X0gO4Cdk1wQnfvgbPFuFDLXhc4a8uf0fJ+jhJWV+EjQ=; b=nHPNAMbnnm1FC++JzkqHGeYGH3CvQfZF5SVcX+QGjreot7xPSLPnphvMaVCDaF+cXv Vy23cg0OKuLe6Te5tmm0Tq5aSSuqNtjKDdjjOMeygnqP69Miiftt+WBQPfHm8vLihY/z JNtAymKAIn3swt5MLu1GfAIXOFKqVHGE9MHD4=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=l85bcEDNARGagt8M6W76h2OR+kFE1I4EmWsxeOqf8vMkjlyyYk+dq0pSrmZ6/7sBVa VWx7XyqS/zS4FWHXLbpEuXG695edZXZOr7Qx38n+mYwfUjFGktCIcj/W1jyZU2IkXjW2 aa9ryU06tHAbiQMDAqVkj/QVmxupSkYF8rTWg=
MIME-Version: 1.0
Received: by with SMTP id f12mr6361174wbt.139.1288830717670; Wed, 03 Nov 2010 17:31:57 -0700 (PDT)
Received: by with HTTP; Wed, 3 Nov 2010 17:31:57 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
Date: Thu, 4 Nov 2010 01:31:57 +0100
Message-ID: <>
From: Andrea Reginato <>
To: Olivier POITREY <>
Content-Type: multipart/alternative; boundary=0016e6585ed21a36b704942f4901
Cc: OAuth WG <>
Subject: Re: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 04 Nov 2010 00:31:51 -0000

On Tue, Nov 2, 2010 at 2:55 PM, Olivier POITREY <> wrote:

> Hi David,
> Thank you for adding us. The implementation was straightforward, and the
> current draft of the spec is clear and easy to read. The only place where we
> had to adapt a bit was the "insufficient scope" error reporting: our API
> supports multiple method calls per request, and returning a global error if
> only one had insufficient scope wasn't very helpful for the developers. We
> solved this by simply handling insufficient scope errors at the API level.

Hi Olivier, I was reading the doc and I wanted to make my greetings.

In these days I'm reading several dev doc related to OAuth2 (spec and
provider services) and I've one question I'm not able to find a solution at.
In the User Agent flow, I get pretty well the flow cicle, but I can't
understand if it can be really used, or if it is dangerous for security

As far as you are one of the few giving this flow service, I wanted to ask
your opinion about. If you have also some documentation, I would love to get
more in touch with the low level details.

Andrea Reginato