Hi Marius,

Can you provide very high level details on what that approach is?

thanks
Mark

oauth-boun...@ietf.org wrote on 01/04/2011 02:34:56:

> Marius Scurtescu <mscurte...@google.com>
> Sent by: oauth-boun...@ietf.org
> 01/04/2011 02:34
>
> To: Greg Brockman <g...@mit.edu>
> cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] OAuth without HTTP redirects
>
> Hi Greg,
>
> Google is working on a pure JavaScript flow which does not involve redirects.
>
> Marius
>
> On Thu, Mar 17, 2011 at 12:20 PM, Greg Brockman <g...@mit.edu> wrote:
> > Hi,
> >
> > I notice that the current OAuth2 draft seems to have browser redirects
> > baked in rather deeply. Are there any plans to add support for flows
> > that don't involve HTTP redirects? For example, it seems at the
> > moment that pure JavaScript applications aren't well-supported, as the
> > resource owner must be redirected to the authorization endpoint, thus
> > leaving the JS app. Now of course trying to do the OAuth flow from
> > within the JS app (say by displaying the authorization endpoint within
> > an iframe) might expose phishing attacks, but one could imagine e.g. a
> > plugin that integrates with the browser in order to provide a
> > relatively unforgeable OAuth authorization endpoint.
> >
> > More generally, does this sound like a use-case that OAuth would be
> > interested in supporting?
> >
> > Thanks,
> >
> > - gdb
> >
> > (Reposting from oa...@googlegroups.com as this seems a more appropriate forum.)
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth