Thanks everyone for the helpful suggestions - special thanks to Justin for
the detailed description. I now agree the authorization code flow is
applicable to our use case, and it seems 6d in Justin's response is a good way
to go.

Cheers,
Vincent


On Thu, May 30, 2013 at 1:27 AM, Todd W Lainhart <lainh...@us.ibm.com> wrote:

> > The same user could run the app on multiple computers and I want to
> > distinguish each running instance, so I think it's the app?
>
> I asked, because I wondered if the client credentials flow or the auth
> code flow was the more appropriate flow. It sounds like you want to
> identify both the client and the user, but it's unclear if it's required
> that the client authenticate.  Also, I can't tell from your use case if
> OAuth is the appropriate solution.
>
> If it is the right solution, Justin's response sounds like the way to go.
>
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainh...@us.ibm.com
>
> From:        Vincent Tsang <vincets...@gmail.com>
> To:        Todd W Lainhart/Lexington/IBM@IBMUS,
> Cc:        "oauth@ietf.org" <oauth@ietf.org>, "oauth-boun...@ietf.org" <
> oauth-boun...@ietf.org>, Nat Sakimura <sakim...@gmail.com>
> Date:        05/29/2013 10:29 AM
> Subject:        Re: Device profile usage
> ------------------------------
>
>
>
> The same user could run the app on multiple computers and I want to
> distinguish each running instance, so I think it's the app?
>
> Thanks.
> Vincent
>
> On Wednesday, May 29, 2013, Todd W Lainhart wrote:
> On behalf of what will the access token be granted - the app (e.g. Word),
> or the user running the app?
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainh...@us.ibm.com
>
> From:        Vincent Tsang <vincets...@gmail.com>
> To:        Nat Sakimura <sakim...@gmail.com>,
> Cc:        "oauth@ietf.org" <oauth@ietf.org>
> Date:        05/29/2013 12:31 AM
> Subject:        Re: [OAUTH-WG] Device profile usage
> Sent by:        oauth-boun...@ietf.org
> ------------------------------
>
>
>
> The client is a native Windows application, for instance, a document
> editor like MS Word.
> The editor can upload copies to the cloud (e.g. Amazon S3), then record
> the version history and notes associated with each cloud copy to our cloud
> service via our cloud application API (to be secured by OAuth access
> tokens).
> I think it's similar to the case with a media player application (like
> VLC/Windows Media Player) that sends playlist/history info to the cloud via
> some cloud application API.
> I'm just not sure which of the 4 scenarios described in the OAuth spec
> could fit in here...
>
> Thanks.
> Vincent
>
>
> On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakim...@gmail.com>
> wrote:
> A little more application and user context would help.
> A use case, so to speak.
>
> Nat
>
> On 2013/05/29 12:04, Vincent Tsang <vincets...@gmail.com> wrote:
>
> > Hi Hannes,
> >
> > Thanks for your reply.
> > Actually I am new to OAuth and am simply trying to search for the best
> > industrial practice for granting access tokens when the client to our
> > application API is a simple Windows application, which in most cases runs
> > on PCs with a web browser installed.
> > Therefore the scenario doesn't quite match what is described in the
> > document, as the user doesn't need a separate machine to perform the
> > verification; it's just that the client application doesn't have internet
> > browsing capability itself (in this sense it's similar to the "device"
> > described in this document, though not quite) and so the user needs to launch a
> > separate browser application.
> > I ended up on this device profile spec just because it seems to match
> > closer to our scenario when compared to the 4 cases described in the OAuth
> > 2 spec, but it could be the case that I didn't understand it fully.
> > Maybe I should rephrase my question: could someone please advise what
> > should be the best practice for granting OAuth tokens to clients which are
> > native Windows applications?
> >
> > Thanks.
> > Vincent
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>
>