> -----Original Message----- > From: Marius Scurtescu [mailto:mscurte...@google.com] > Sent: Tuesday, June 22, 2010 3:35 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: native app support (was: Next draft) > > On Tue, Jun 22, 2010 at 3:14 PM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > In OAuth 1.0a, we needed it for the patch. I don't think this needs to be in > the spec because it doesn't help interop. If the server supports such a > scheme, it should document it. It also falls under "previously established > redirection URI" which happens to point at the server. > > OK, that makes sense. > > What about: > > Also, this page should put the verification code and the client state > > (code and state) in the page title in a standard way such that the > > native app can extract them from the window title. WRAP defined how > > the title should be formed. > > Extension?
I don't think this needs a spec. Just something provided by the server. Does the client need any special handling? It can always just use a static web page to do this, no? EHL > > Marius > > > > > EHL > > > >> -----Original Message----- > >> From: Marius Scurtescu [mailto:mscurte...@google.com] > >> Sent: Tuesday, June 22, 2010 1:02 PM > >> To: Eran Hammer-Lahav > >> Cc: OAuth WG (oauth@ietf.org) > >> Subject: Re: native app support (was: Next draft) > >> > >> On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu > >> <mscurte...@google.com> wrote: > >> > In order to properly support native applications I suggest the > >> > following changes: > >> > [...] > >> > 2. optional redirect_uri (default result page) > >> > > >> > Some native apps do not have a redirect_uri, as a result two things > >> > are > >> needed: > >> > > >> > 2.1 Either make redirect_uri optional or define a standard value > >> > that signals that the client does not have such a page. > >> > > >> > 2.2 The authz server must supply a default result page, if there is > >> > no redirect_uri. Also, this page should put the verification code > >> > and the client state (code and state) in the page title in a > >> > standard way such that the native app can extract them from the > >> > window title. WRAP defined how the title should be formed. > >> > >> Should this also go to an extension? It is not introducing any new > >> parameters, not sure if it belongs there. OAuth 1 at least defined the > "oob" special value. > >> > >> Marius > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
