Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-21 Thread Torsten Lodderstedt
On 20.09.2010 07:34, Luke Shepard wrote: Yes, Facebook is recommending the User-Agent flow for desktop > applications. This works for them because access tokens issued by > Facebook are not short lived, I don't think they expire. The desktop > app does not need a refresh token. > > If th

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-20 Thread Kris Selden
What is dynamic client registration? I think it will be common to naively use the password grant in a client app (like on a phone) when the company making the app is the same as the company who controls the auth server. The question is whether there is really any way to know if that client ap

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-19 Thread Luke Shepard
> >> Luke Shepard also indicated in his posting >> http://www.ietf.org/mail-archive/web/oauth/current/msg03509.html that >> facebook supports the user agent flow for desktop applications. Facebook's >> iOS SDK seems to use the same technique for mobile apps. > > Yes, Facebook is recommending the

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-19 Thread Marius Scurtescu
On Sun, Sep 19, 2010 at 7:29 AM, Torsten Lodderstedt wrote: > On 16.09.2010 21:35, Marius Scurtescu wrote: >> >> On Thu, Sep 16, 2010 at 12:00 PM, Torsten Lodderstedt >> wrote: >>> >>> I don't know whether I understand you correctly. Are you saying that >>> refresh tokens only make sense in W

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-19 Thread Torsten Lodderstedt
On 18.09.2010 01:28, Kris Selden wrote: Secrets on native apps are good! The key is (no pun intended) that the secret not ship with the app. Each client should register for its own client_id and secret when it is installed on the client machine. Maybe I'm missing something but... If it h

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-19 Thread Torsten Lodderstedt
On 16.09.2010 21:35, Marius Scurtescu wrote: On Thu, Sep 16, 2010 at 12:00 PM, Torsten Lodderstedt wrote: I don't know whether I understand you correctly. Are you saying that refresh tokens only make sense in Web servers? I was referring to the "web server" flow/profile. Not web servers i

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-17 Thread Kris Selden
> Secrets on native apps are good! The key is (no pun intended) that the > secret not ship with the app. Each client should register for its own > client_id and secret when it is installed on the client machine. Maybe I'm missing something but... If it has no credentials, why does sending it

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-16 Thread Marius Scurtescu
On Thu, Sep 16, 2010 at 12:00 PM, Torsten Lodderstedt wrote: > I don't know whether I understand you correctly. Are you saying that refresh > tokens only make sense in Web servers? I was referring to the "web server" flow/profile. Not web servers in general. Why would a native app use the user-

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-16 Thread Torsten Lodderstedt
I don't know whether I understand you correctly. Are you saying that refresh tokens only make sense in Web servers? regards, Torsten. On 16.09.2010 at 18:04, Marius Scurtescu wrote: > On Wed, Sep 15, 2010 at 10:39 PM, Torsten Lodderstedt > wrote: >> On 16.09.2010 at 05:53, Andrew Ar

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-16 Thread Marius Scurtescu
On Wed, Sep 15, 2010 at 10:39 PM, Torsten Lodderstedt wrote: > On 16.09.2010 at 05:53, Andrew Arnott wrote: > > The user agent flow works for native apps that can host a web browser. It > works pretty well in my experience. > > Would like to see support for refresh tokens in this flow? Sure, U

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-15 Thread Torsten Lodderstedt
On 16.09.2010 at 05:53, Andrew Arnott wrote: > The user agent flow works for native apps that can host a web browser. It > works pretty well in my experience. > Would like to see support for refresh tokens in this flow? > Secrets on native apps are good! The key is (no pun intended) that the

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-15 Thread Andrew Arnott
The user agent flow works for native apps that can host a web browser. It works pretty well in my experience. Secrets on native apps are good! The key is (no pun intended) that the secret *not ship with the app*. Each client should register for its own client_id and secret when it is installed

Re: [OAUTH-WG] User-Agent flow and refresh tokens

2010-09-15 Thread Marius Scurtescu
I don't see why you would use the user-agent flow with a native application? Maybe the spec should suggest only the web server flow. The device flow would also work, but that's not part of the core spec. Marius On Wed, Sep 15, 2010 at 2:47 PM, Torsten Lodderstedt wrote: > I'm wondering whethe

[OAUTH-WG] User-Agent flow and refresh tokens

2010-09-15 Thread Torsten Lodderstedt
I'm wondering whether it makes sense to allow for the issuance of refresh tokens by the user-agent flow. Background of my considerations is the development of applications on mobile devices (apps :-)). The draft suggests to either use the web server or the user agent flow for the integration