A little more application and user context would help. A use case, so to speak.
Nat 2013/05/29 12:04、Vincent Tsang <vincets...@gmail.com> のメッセージ: > Hi Hannes, > > Thanks for your reply. > Actually I am new to OAuth and am simply trying to search for the best > industrial practice for granting access tokens when the client to our > application API is a simple windows applications, which in most cases runs on > PC's with web browser installed. > Therefore the scenario doesn't quite match what is described in the document, > as the user doesn't need a separate machine to perform the verification; it's > just that the client application doesn't have internet browsing capability > itself (in this sense it's similar to the "device" described in this > document, though not quite) and so user needs to launch a separate browser > application. > I ended up on this device profile spec just because it seems to match closer > to our scenario when compared to the 4 cases described in the OAuth 2 spec, > but it could be the case that I didn't understand it fully. > Maybe I should rephrase my question: could someone please advice what should > be the best practice for granting OAuth tokens to clients which are native > windows applications? > > Thanks. > Vincent > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth