The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app?
Thanks. Vincent On Wednesday, May 29, 2013, Todd W Lainhart wrote: > On behalf of what will the access token be granted - the app (e.g. Word), > or the user running the app? > > * > > > Todd Lainhart > Rational software > IBM Corporation > 550 King Street, Littleton, MA 01460-1250** > 1-978-899-4705 > 2-276-4705 (T/L) > lainh...@us.ibm.com <javascript:_e({}, 'cvml', 'lainh...@us.ibm.com');>* > > > > > From: Vincent Tsang <vincets...@gmail.com <javascript:_e({}, > 'cvml', 'vincets...@gmail.com');>> > To: Nat Sakimura <sakim...@gmail.com <javascript:_e({}, 'cvml', > 'sakim...@gmail.com');>>, > Cc: "oauth@ietf.org <javascript:_e({}, 'cvml', 'oauth@ietf.org');>" > <oauth@ietf.org <javascript:_e({}, 'cvml', 'oauth@ietf.org');>> > Date: 05/29/2013 12:31 AM > Subject: Re: [OAUTH-WG] Device profile usage > Sent by: oauth-boun...@ietf.org <javascript:_e({}, 'cvml', > 'oauth-boun...@ietf.org');> > ------------------------------ > > > > The client is a native windows application, for instance, a document > editor like MS Word. > The editor can upload copies to the cloud (e.g. Amazon S3), then record > the version history and notes associated with each cloud copy to our cloud > service via our cloud application API (to be secured by OAuth access > tokens). > I think it's similar to the case with a media player application (like > VLC/Windows Media Player) that sends playlist/history info to the cloud via > some cloud application API. > I'm just not sure which of the 4 scenarios described in the OAuth spec > could fit in here... > > Thanks. > Vincent > > > On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura > <*sakim...@gmail.com*<javascript:_e({}, 'cvml', 'sakim...@gmail.com');>> > wrote: > A little more application and user context would help. > A use case, so to speak. > > Nat > > 2013/05/29 12:04、Vincent Tsang <*vincets...@gmail.com* <javascript:_e({}, > 'cvml', 'vincets...@gmail.com');>> のメッセ�`ジ: > > > Hi Hannes, > > > > Thanks for your reply. > > Actually I am new to OAuth and am simply trying to search for the best > industrial practice for granting access tokens when the client to our > application API is a simple windows applications, which in most cases runs > on PC's with web browser installed. > > Therefore the scenario doesn't quite match what is described in the > document, as the user doesn't need a separate machine to perform the > verification; it's just that the client application doesn't have internet > browsing capability itself (in this sense it's similar to the "device" > described in this document, though not quite) and so user needs to launch a > separate browser application. > > I ended up on this device profile spec just because it seems to match > closer to our scenario when compared to the 4 cases described in the OAuth > 2 spec, but it could be the case that I didn't understand it fully. > > Maybe I should rephrase my question: could someone please advice what > should be the best practice for granting OAuth tokens to clients which are > native windows applications? > > > > Thanks. > > Vincent > > > > _______________________________________________ > > OAuth mailing list > > *OAuth@ietf.org* <javascript:_e({}, 'cvml', 'OAuth@ietf.org');> > > *https://www.ietf.org/mailman/listinfo/oauth*<https://www.ietf.org/mailman/listinfo/oauth> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <javascript:_e({}, 'cvml', 'OAuth@ietf.org');> > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth