I have been learning about OAuth a bit (I managed to access a GMail inbox from GAE: http://simplenotepad.appspot.com/text/goggle-app-engine-oauth-access-to-gmail), but I am still unclear on one point. Assuming I (i.e., the web app) can get the access token, is it possible to construct a URL that can be placed in an i...@src in the rendered html to allow the browser to access a "restricted" image?
The use case is a digital image library (in heavy use at UT Austin) in which some images are only available under "fair use." The "image server" is a separate application from the rest of the app: we currently check for a UT-specific secure cookie to serve restricted images (lack of the cookie simply causes us to send a thumbnail version). I'd much prefer a URL-based access scheme with a two-legged OAuth approach. This piece need not be uber-secure -- we just don't want to put all of the assets on the open web. --peter keane --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
