In that case, I suggest an extension. But I just don't think this needs it. Why involve the server at all in this? The client should just host a web page somewhere with the format it wants or the language for the user.
With $10 hosting, every client can host a web page somewhere. EHL > -----Original Message----- > From: Marius Scurtescu [mailto:mscurte...@google.com] > Sent: Tuesday, June 22, 2010 4:17 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: native app support (was: Next draft) > > On Tue, Jun 22, 2010 at 4:07 PM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > > >> -----Original Message----- > >> From: Marius Scurtescu [mailto:mscurte...@google.com] > >> Sent: Tuesday, June 22, 2010 3:35 PM > >> To: Eran Hammer-Lahav > >> Cc: OAuth WG (oauth@ietf.org) > >> Subject: Re: native app support (was: Next draft) > >> > >> On Tue, Jun 22, 2010 at 3:14 PM, Eran Hammer-Lahav > >> <e...@hueniverse.com> wrote: > >> > In OAuth 1.0a, we needed it for the patch. I don't think this needs > >> > to be in > >> the spec because it doesn't help interop. If the server supports such > >> a scheme, it should document it. It also falls under "previously > >> established redirection URI" which happens to point at the server. > >> > >> OK, that makes sense. > >> > >> What about: > >> > Also, this page should put the verification code and the client > >> > state (code and state) in the page title in a standard way such > >> > that the native app can extract them from the window title. WRAP > >> > defined how the title should be formed. > >> > >> Extension? > > > > I don't think this needs a spec. Just something provided by the server. Does > the client need any special handling? It can always just use a static web page > to do this, no? > > A spec would help so all servers provide code and state in a consistent > format. Client libraries can then provide methods to parse this. Also, client > apps connecting to multiple servers can expect some consistency. > > Marius > > > > > EHL > > > >> > >> Marius > >> > >> > > >> > EHL > >> > > >> >> -----Original Message----- > >> >> From: Marius Scurtescu [mailto:mscurte...@google.com] > >> >> Sent: Tuesday, June 22, 2010 1:02 PM > >> >> To: Eran Hammer-Lahav > >> >> Cc: OAuth WG (oauth@ietf.org) > >> >> Subject: Re: native app support (was: Next draft) > >> >> > >> >> On Tue, Jun 8, 2010 at 10:46 AM, Marius Scurtescu > >> >> <mscurte...@google.com> wrote: > >> >> > In order to properly support native applications I suggest the > >> >> > following changes: > >> >> > [...] > >> >> > 2. optional redirect_uri (default result page) > >> >> > > >> >> > Some native apps do not have a redirect_uri, as a result two > >> >> > things are > >> >> needed: > >> >> > > >> >> > 2.1 Either make redirect_uri optional or define a standard value > >> >> > that signals that the client does not have such a page. > >> >> > > >> >> > 2.2 The authz server must supply a default result page, if there > >> >> > is no redirect_uri. Also, this page should put the verification > >> >> > code and the client state (code and state) in the page title in > >> >> > a standard way such that the native app can extract them from > >> >> > the window title. WRAP defined how the title should be formed. > >> >> > >> >> Should this also go to an extension? It is not introducing any new > >> >> parameters, not sure if it belongs there. OAuth 1 at least defined > >> >> the > >> "oob" special value. > >> >> > >> >> Marius > >> > > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
