Am 16.09.2010 21:35, schrieb Marius Scurtescu:
On Thu, Sep 16, 2010 at 12:00 PM, Torsten Lodderstedt
<tors...@lodderstedt.net> wrote:
I don't know whether I understand you correctly. Are you saying that refresh
tokens only make sense in Web servers?
I was referring to the "web server" flow/profile. Not web servers in general.
Why would a native app use the user-agent flow (response_type=token)
over the web server flow (response_type=code)?
The draft mentions both options
(http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-1.4.3) and
also states:
"Embedded user-agents often offer a better end-user flow, as they remove
the need to switch context and open new windows."
Luke Shepard also indicated in his posting
http://www.ietf.org/mail-archive/web/oauth/current/msg03509.html that
facebook supports the user agent flow for desktop applications.
Facebook's iOS SDK seems to use the same technique for mobile apps.
regards,
Torsten.
Marius
regards,
Torsten.
Am 16.09.2010 um 18:04 schrieb Marius Scurtescu<mscurte...@google.com>:
On Wed, Sep 15, 2010 at 10:39 PM, Torsten Lodderstedt
<tors...@lodderstedt.net> wrote:
Am 16.09.2010 um 05:53 schrieb Andrew Arnott<andrewarn...@gmail.com>:
The user agent flow works for native apps that can host a web browser. It
works pretty well in my experience.
Would like to see support for refresh tokens in this flow?
Sure, User-Agent works for native apps, but why would you use this
flow over web server?
In other words, why add refresh tokens to user-agent when you can use
web server?
Thanks,
Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
