Hi Greg,

Google is working on a pure JavaScript flow which does not involve redirects.

Marius

On Thu, Mar 17, 2011 at 12:20 PM, Greg Brockman <g...@mit.edu> wrote:
> Hi,
>
> I notice that the current OAuth2 draft seems to have browser redirects
> baked in rather deeply. Are there any plans to add support for flows
> that don't involve HTTP redirects? For example, it seems at the
> moment that pure JavaScript applications aren't well-supported, as the
> resource owner must be redirected to the authorization endpoint, thus
> leaving the JS app. Now of course trying to do the OAuth flow from
> within the JS app (say by displaying the authorization endpoint within
> an iframe) might expose phishing attacks, but one could imagine e.g. a
> plugin that integrates with the browser in order to provide a
> relatively unforgeable OAuth authorization endpoint.
>
> More generally, does this sound like a use-case that OAuth would be
> interested in supporting?
>
> Thanks,
>
> - gdb
>
> (Reposting from oa...@googlegroups.com as this seems a more appropriate
> forum.)
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth