On Tue, May 11, 2010 at 4:12 AM, Paul Madsen <paul.mad...@gmail.com> wrote: > Yes that's the idea. > > Where in the authorization server response would the QR code (or ref) go, > especially if it also includes the uri & user code?
I don't know how QR codes are generated, but I was assuming that the device can generate one without any help from the authz server, only based on uri and code. That's not going to work? Marius > > I don't see mention of an extensibility model by which additional params > could be defined/added > > On 5/10/2010 2:03 PM, Marius Scurtescu wrote: >> >> On Mon, May 10, 2010 at 6:20 AM, Paul Madsen<paul.mad...@gmail.com> >> wrote: >> >>> >>> Related, is anybody thinking of a variant of the device flow where the >>> user-agent sits on a device with QR-code capabilities, and so the user >>> needn't type anything (uri or code)? >>> >> >> The end user will point their phone to the device screen and the phone >> browser will take it from there? I think the device still needs to >> show the URI and code as fallback, in case the user does not have a >> smart phone, right? >> >> Does the spec need to change in any way to support this? Isn't this >> just a particular implementation? >> >> Marius >> >> > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
