On Thu, Apr 30, 2009 at 11:59 AM, Josh Roesslein <jroessl...@gmail.com> wrote:

> Here is some pseudo-Python code of what I have in mind for a higher-level
> library: http://pastie.org/464241
>
> This is not a final design; there are other details I have left out, but it
> demonstrates the flow for the consumer of authenticating with OAuth.


Yeah, that's pretty much what I had envisioned. And I counter:
http://dpaste.com/39773/

As long as the consumer is tasked with persisting the request token you're
not going to be able to do much to prevent early binding. And I still don't
think there's much risk here anyways. In all the time I've been talking to
people about OAuth I've never heard of anyone trying to do this (has anyone
else?). There's just no reason to do it, and (I'll reiterate) it's harder
than doing the right thing.

Also, your DataStore code is very similar to the way the Python OAuth
library manages tokens for SPs, and that code is the most confusing / least
understood bit of the library (just had a conversation with Leah about just
that). So I'm wary of requiring consumer developers (who have less at stake
and are often less experienced) to do something that's already confusing
developers on the SP side.

Mike
