Re: [OAUTH-WG] authenticating client-to-authz.server calls

2010-04-13 Thread Allen Tom
+1 In Yahoo’s case, we would also like to use the Client Credentials Flow for all “2 legged” APIs. Allen On 4/12/10 6:29 PM, "Luke Shepard" wrote: > In Facebook’s case, we would like to make our entire API accessible > exclusively via OAuth - including properties, metrics, etc. For our purpos

Re: [OAUTH-WG] authenticating client-to-authz.server calls

2010-04-13 Thread Manger, James H
Eran, > I agree Thanks. > , BUT. > I don’t think it is very practical at this point. Defining new authentication > schemes (i.e. SAML assertion) means slower deployment due to lack of support > in existing applications. There are no existing apps that support the SAML flow as it was only wr

Re: [OAUTH-WG] authenticating client-to-authz.server calls

2010-04-12 Thread Eran Hammer-Lahav
I agree, BUT. I don't think it is very practical at this point. Defining new authentication schemes (i.e. SAML assertion) means slower deployment due to lack of support in existing applications. Reusing existing authentication schemes for a new set of credentials has its own deployment challeng

Re: [OAUTH-WG] authenticating client-to-authz.server calls

2010-04-12 Thread Manger, James H
are taken.” From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Manger, James H Sent: Monday, April 12, 2010 4:10 PM To: OAuth WG Subject: [OAUTH-WG] authenticating client-to-authz.server calls Requests from a client app to collect an access token don’t need to us

Re: [OAUTH-WG] authenticating client-to-authz.server calls

2010-04-12 Thread Luke Shepard
.” From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Manger, James H Sent: Monday, April 12, 2010 4:10 PM To: OAuth WG Subject: [OAUTH-WG] authenticating client-to-authz.server calls Requests from a client app to collect an access token don’t need to use an OAuth-specific

[OAUTH-WG] authenticating client-to-authz.server calls

2010-04-12 Thread Manger, James H
Requests from a client app to collect an access token don’t need to use an OAuth-specific client authentication mechanism. A service that issues a client app with credentials (eg a client_id and client_secret) is very likely to offer APIs specifically for clients, in addition to APIs for clie