Exactly Marius, and in most cases the app will want to procure a refresh token as a result of the dance so it won't have to put the user though the authorization process again and again. Unless I'm mistaken, the implicit grant provides no means of obtaining a refresh token (http://tools.ietf.org/html/draft-ietf-oauth-v2-13#section-4.2.2). So unless the access tokens themselves are extremely long lived, the implicit grant flow doesn't seem very useful to native clients.
I've heard a number of people suggest the native client -> implicit grant thing but it doesn't make sense to me. Is there something I'm not seeing? On Wed, Feb 16, 2011 at 12:14 PM, Marius Scurtescu <mscurte...@google.com> wrote: > On Wed, Feb 16, 2011 at 11:06 AM, William Mills <wmi...@yahoo-inc.com> wrote: >> Token endpoint with username/password credential doesn't solve this? >> Depends on the auth scheme of course, but Bearer should provide a solution? > > Not at all, in most case native apps must use the browser based 3-legged > dance. > > Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
