IETF Logo Mail Archive

Re: [OAUTH-WG] User-Agent flow and refresh tokens

Torsten Lodderstedt <torsten@lodderstedt.net> Thu, 16 September 2010 19:00 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8FE033A68F3 for <oauth@core3.amsl.com>; Thu, 16 Sep 2010 12:00:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.397
X-Spam-Level:
X-Spam-Status: No, score=-1.397 tagged_above=-999 required=5 tests=[AWL=-0.544, BAYES_00=-2.599, HELO_EQ_DE=0.35, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R4qSKqsoAryC for <oauth@core3.amsl.com>; Thu, 16 Sep 2010 12:00:51 -0700 (PDT)
Received: from smtprelay04.ispgateway.de (smtprelay04.ispgateway.de [80.67.31.31]) by core3.amsl.com (Postfix) with ESMTP id DB2013A6980 for <oauth@ietf.org>; Thu, 16 Sep 2010 12:00:44 -0700 (PDT)
Received: from [79.253.24.64] (helo=[192.168.71.41]) by smtprelay04.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1OwJhk-0004iq-9J; Thu, 16 Sep 2010 21:01:08 +0200
References: <4C913EE3.90704@lodderstedt.net> <AANLkTikJGDUKCfiPiN_rAVXmbPF0SBN_sKNQFHw6-oqj@mail.gmail.com> <AANLkTime0dayBq1k+ee7xNp3pkBE2-Ltn-i=LNh0-XvB@mail.gmail.com> <0B18D334-441B-48C0-8836-8F285404B53F@lodderstedt.net> <AANLkTimL1TL57iJ5MOJTcEmog5e-9vjZNCOAyKLS4Dt1@mail.gmail.com>
In-Reply-To: <AANLkTimL1TL57iJ5MOJTcEmog5e-9vjZNCOAyKLS4Dt1@mail.gmail.com>
Mime-Version: 1.0 (iPhone Mail 8B117)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <6A068F15-5B15-444E-AAC3-354EFB866A4A@lodderstedt.net>
X-Mailer: iPhone Mail (8B117)
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Thu, 16 Sep 2010 21:00:23 +0200
To: Marius Scurtescu <mscurtescu@google.com>
X-Df-Sender: 141509
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] User-Agent flow and refresh tokens
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Sep 2010 19:00:52 -0000

I don't know whether I understand you correctly. Are you saying that refresh tokens only make sense in Web servers?

regards,
Torsten.



Am 16.09.2010 um 18:04 schrieb Marius Scurtescu <mscurtescu@google.com>:

> On Wed, Sep 15, 2010 at 10:39 PM, Torsten Lodderstedt
> <torsten@lodderstedt.net> wrote:
>> Am 16.09.2010 um 05:53 schrieb Andrew Arnott <andrewarnott@gmail.com>:
>> 
>> The user agent flow works for native apps that can host a web browser.  It
>> works pretty well in my experience.
>> 
>> Would like to see support for refresh tokens in this flow?
> 
> Sure, User-Agent works for native apps, but why would you use this
> flow over web server?
> 
> In other words, why add refresh tokens to user-agent when you can use
> web server?
> 
> Thanks,
> Marius

v2.23.0 | Report a Bug | By Email