I think it makes sense, but can this be an extension as opposed to be added to core?
A related parameter IMO (could be part of the same extension) would be l10n, in what language should the Authorization Server interact with the user. OpenID I think has a similar extension. Marius On Tue, Mar 30, 2010 at 4:54 PM, David Recordon <davidrecor...@facebook.com> wrote: > One of the challenges we're running into from an implementation standpoint is > having the ability for a Client developer to tell the Authorization Server if > they're looking for a popup, full page redirect, mobile experience, or no > user interface for the times when a user is being sent through an > authorization flow. We're thinking that an additional "display" parameter > would be useful within the Web Client and Web Server flows. Values would > include none, page, popup, and mobile. > > none - Mainly for the Web Client profile. The Authorization Server should > return an immediate response either as an error or an access token if the > user has already authorized the Client and has a current session. > > popup - The Client is intending to display the Authorization Server's user > authorization flow within a popup window. Negotiating size seems reasonable > to exclude from scope for now. > > page - The Client is redirecting the user's browser to a page on the > Authorization Server. (This is probably the default and could be unneeded.) > > mobile - Force a mobile experience instead of the normal full page. > > Most Clients will never need to use this parameter because it will > automatically work using the standard OAuth redirect, but developers can > override it and it's needed in the Web Client flow. > > --David _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
