On Wed, Jan 5, 2011 at 2:55 PM, Francisco Corella <fcore...@pomcor.com> wrote: > > > Native application clients can be implemented in different > > ways based on their requirements and desired end-user > > experience. Native application clients can: > > > > o Utilize the end-user authorization endpoint as described in > > Section 4 by launching an external user-agent. The > > client can capture the response by providing a > > redirection URI with a custom URI scheme (registered > > with the operating system to invoke the client > > application), > > This seems to be saying that the user's machine has a Web > server running on it which is reachable from the Internet by > sending an http request to the redirection URI. That's > unrealistic because the user's machine won't typically have > a permanent IP address reachable from the internet.
For custom schemes you don't need a local web server. You can also use a local web server, no routable/permanent IP is needed. The authorization server can redirect to localhost perfectly fine. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
