Re: [OAUTH-WG] OAuth mobile flow

Mon, 25 Mar 2013 00:56:36 -0700 

Hi Shane
On 25/03/13 00:54, Shane B Weeden wrote:

There are several options. I've developed a few based on azn code flow with
custom "delivery" of the code, and also resource owner password credentials
flow with a public client id (although I personally don't like the idea of
ever presenting my real credentials to the phone but business owners seem
to still want to do that).

These might give you an idea:
https://www-304.ibm.com/connections/blogs/sweeden/entry/mobile_oauth_application_demonstration
https://www-304.ibm.com/connections/blogs/sweeden/entry/mobile_demonstration_under_the_hood
http://www.youtube.com/watch?v=cLLrZMt_hII


This is interesting, thank you.
I'm just wondering, how does you application decide that the access token is to be returned effectively out of band (which reminds me of the 'oob' redirect uri from OAuth 1.0).
Looks like the client_id being equal to "mobileClient" (in your demo) is a hint.
If yes, then would you (and others) see any benefit in actually attempting to get an 'oob' redirect_uri value standardized ? (sorry if this was already raised earlier).
I can see how I can get a generic framework for supporting writing OAuth2 applications returning the code directly to the browser even without having 'oob' redirect uri - example, one can configure the authorization endpoint to recognize that a particular client_id requires an out of band delivery of the access token, etc.
FYI, I like the device code flow you linked to though appreciate the simplicity of returning the token to the browser in demos, etc... 

Cheers, Sergey



Regards,
Shane.



From:   Security Developer<security.develope...@gmail.com>
To:     OAuth@ietf.org
Date:   25/03/2013 05:52 AM
Subject:        [OAUTH-WG] OAuth mobile flow
Sent by:        oauth-boun...@ietf.org



Hi,

Can any body please help in describing the OAuth flow for mobile
applications?

Thanks for your time._______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to