Token endpoint with username/password credential doesn't solve this? Depends on the auth scheme of course, but Bearer should provide a solution?
> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Marius Scurtescu > Sent: Wednesday, February 16, 2011 10:58 AM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Draft -12 feedback deadline > > On Wed, Feb 16, 2011 at 10:43 AM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > > > > >> -----Original Message----- > >> From: Marius Scurtescu [mailto:mscurte...@google.com] > >> Sent: Wednesday, February 16, 2011 9:05 AM > > > >> Yes, I understand. But Native Apps have no appropriate flow now, and > they > >> started the whole protocol. > > > > I am not sure "they started the whole protocol" (it was more like > OpenID in Twitter API), but either way, why can't they use the implicit > grant type? That's where the specification is guiding them towards. > > That would be the old User-Agent flow? > > That's terrible for native apps, native apps need long lived > credentials. > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
