Yes, it's the app that is granted a token on behalf of the user. This is
a very classic OAuth pattern.
-- Justin
On 05/29/2013 10:20 AM, Vincent Tsang wrote:
The same user could run the app on multiple computers and I want to
distinguish each running instance, so I think it's the app?
Thanks.
Vincent
On Wednesday, May 29, 2013, Todd W Lainhart wrote:
On behalf of what will the access token be granted - the app (e.g.
Word), or the user running the app?
Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainh...@us.ibm.com
From: Vincent Tsang <vincets...@gmail.com>
To: Nat Sakimura <sakim...@gmail.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Date: 05/29/2013 12:31 AM
Subject: Re: [OAUTH-WG] Device profile usage
Sent by: oauth-boun...@ietf.org
------------------------------------------------------------------------
The client is a native Windows application, for instance, a
document editor like MS Word.
The editor can upload copies to the cloud (e.g. Amazon S3), then
record the version history and notes associated with each cloud
copy to our cloud service via our cloud application API (to be
secured by OAuth access tokens).
I think it's similar to the case with a media player application
(like VLC/Windows Media Player) that sends playlist/history info
to the cloud via some cloud application API.
I'm just not sure which of the 4 scenarios described in the OAuth
spec could fit in here...
Thanks.
Vincent
On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura
<sakimura@gmail.com> wrote:
A little more application and user context would help.
A use case, so to speak.
Nat
2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote:
> Hi Hannes,
>
> Thanks for your reply.
> Actually I am new to OAuth and am simply trying to search for
> the best industrial practice for granting access tokens when the
> client to our application API is a simple Windows application,
> which in most cases runs on PCs with a web browser installed.
> Therefore the scenario doesn't quite match what is described in
> the document, as the user doesn't need a separate machine to
> perform the verification; it's just that the client application
> doesn't have internet browsing capability itself (in this sense
> it's similar to the "device" described in this document, though
> not quite) and so the user needs to launch a separate browser application.
> I ended up on this device profile spec just because it seems to
> match closer to our scenario when compared to the 4 cases
> described in the OAuth 2 spec, but it could be the case that I
> didn't understand it fully.
> Maybe I should rephrase my question: could someone please advise
> what should be the best practice for granting OAuth tokens to
> clients which are native Windows applications?
>
> Thanks.
> Vincent
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth