iants in detail but there is no reason an
authorization server can't implement them.
Regards,
Shane.
From: Justin Richer
To: Gregory Prisament
Cc: oauth@ietf.org
Date: 12/01/2012 06:50 AM
Subject: Re: [OAUTH-WG] Manual Authorization Codes -- Help/Feedback
You definitely can do that with an app-specific password using the
resource owner password flow, but if you're already doing OAuth, why
would you want to?
The Device flow fell by the wayside not because people didn't see value
in it -- many do -- but nobody in the group was actively implementi
Correction: Last paragraph should read:
... Do you think an authorization server could implement
application-specific passwords, passing it off as the "resource owner
credentials" grant type...
On Wed, Jan 11, 2012 at 10:47 AM, Gregory Prisament
wrote:
> Thanks for the link, that's very similar t
Thanks for the link, that's very similar to what I'm going for.
Any idea why people lost interest in the Device Flow? It seems like a
useful option to have!
Also, in doing some research, I came across Google's
"application-specific passwords", which seem to be another way to
solve this problem.
What you're describing is the Device Flow, which was pulled out of the
main document a while ago and now sits here, somewhat outdated and unloved:
http://tools.ietf.org/html/draft-recordon-oauth-v2-device-00
In this, the app gives the user a short code that they enter into a URL,
do the author
Hello,
I am developing a REST API and trying to follow the OAuth 2.0 protocol
for authentication, and have a few questions for you good folks.
The use case I'm interested in is native applications (such as linux
command-line programs) that are unable or unwilling to involve a
user-agent. In this
