On Sat, Apr 25, 2009 at 1:04 PM, Brian Eaton <bea...@google.com> wrote: > On Sat, Apr 25, 2009 at 12:26 PM, Josh Roesslein <jroessl...@gmail.com> wrote: >> Thanks for posting that Brian. >> >> I'm leaning towards signed approval URLs. Seems the best way to go IMO. >> Seems to solve the issues and also helps simplify the OAuth flow. > > The major pain point of signed approval URLs is that we would lose > support for devices that either > a) can't open a web browser (because the signed approval URL is really long) > or > b) can't receive a callback URL (because the callback token is really long). >
Err, I should have pointed out that the other objection I've heard to signed approval URLs is that they are a major departure from the current protocol, and thus will slow down deployment of fixes. I'm not sure that's true, but it seems plausible. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---