On Tue, Jun 22, 2010 at 4:07 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > >> -----Original Message----- >> From: Marius Scurtescu [mailto:mscurte...@google.com] >> Sent: Tuesday, June 22, 2010 3:35 PM >> To: Eran Hammer-Lahav >> Cc: OAuth WG (oauth@ietf.org) >> Subject: Re: native app support (was: Next draft) >> >> On Tue, Jun 22, 2010 at 3:14 PM, Eran Hammer-Lahav >> <e...@hueniverse.com> wrote: >> > In OAuth 1.0a, we needed it for the patch. I don't think this needs to be >> > in >> the spec because it doesn't help interop. If the server supports such a >> scheme, it should document it. It also falls under "previously established >> redirection URI" which happens to point at the server. >> >> OK, that makes sense. >> >> What about: >> > Also, this page should put the verification code and the client state >> > (code and state) in the page title in a standard way such that the >> > native app can extract them from the window title. WRAP defined how >> > the title should be formed. >> >> Extension? > > I don't think this needs a spec. Just something provided by the server. Does > the client need any special handling? It can always just use a static web > page to do this, no?
A spec would help so all servers provide code and state in a consistent format. Client libraries can then provide methods to parse this. Also, client apps connecting to multiple servers can expect some consistency. Marius > > EHL > >> >> Marius >> >> > >> > EHL >> > >> >> -----Original Message----- >> >> From: Marius Scurtescu [mailto:mscurte...@google.com] >> >> Sent: Tuesday, June 22, 2010 1:02 PM >> >> To: Eran Hammer-Lahav >> >> Cc: OAuth WG (oauth@ietf.org) >> >> Subject: Re: native app support (was: Next draft) >> >> >> >> On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu >> >> <mscurte...@google.com> wrote: >> >> > In order to properly support native applications I suggest the >> >> > following changes: >> >> > [...] >> >> > 2. optional redirect_uri (default result page) >> >> > >> >> > Some native apps do not have a redirect_uri, as a result two things >> >> > are >> >> needed: >> >> > >> >> > 2.1 Either make redirect_uri optional or define a standard value >> >> > that signals that the client does not have such a page. >> >> > >> >> > 2.2 The authz server must supply a default result page, if there is >> >> > no redirect_uri. Also, this page should put the verification code >> >> > and the client state (code and state) in the page title in a >> >> > standard way such that the native app can extract them from the >> >> > window title. WRAP defined how the title should be formed. >> >> >> >> Should this also go to an extension? It is not introducing any new >> >> parameters, not sure if it belongs there. OAuth 1 at least defined the >> "oob" special value. >> >> >> >> Marius >> > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
