Re: [oauth] OAuth 2 in new projects

2010-06-09 Thread Rob Richards
Shak wrote: Hi all, I'm about to start working on incorporating OAuth in a project I'm working on. I'll be a resource server, and will therefore have to issue and manage tokens etc. My question is regarding OAuth 2. Should I look to support the new spec? I realise that it's a draft and in flux

[oauth] Re: Version Preference

2009-05-01 Thread Rob Richards
Blaine Cook wrote: > We need to build some consensus around the version preference. As I > see it, there are several options: > > 1. "1.0 Rev A" with no version string change (i.e., oauth_version=1.0) > 2. "1.0a" (with oauth_version=1.0a) > 3. "1.1" > > option 3

[oauth] Re: OAuth Core 1.0 Rev A, Draft 1

2009-04-30 Thread Rob Richards
Dossy Shiobara wrote: > On 4/30/09 7:19 AM, Blaine Cook wrote: > >> Looks good, with the exception of the 'oob' value – why not just say >> that an empty OR absent callback parameter fulfills the same role as >> 'oob'? There are also plenty of service providers that require static >> configurat

[oauth] Re: a simple view of the OAuth security issue

2009-04-27 Thread Rob Richards
Peter Keane wrote: > On Mon, Apr 27, 2009 at 10:50 AM, Eve Maler wrote: > >> Peter, thanks for putting the PIN idea in context for me. This is >> perhaps a dumb question, but since testing equivalence of the *user* >> (a bag of protoplasm) is sort of a last-mile problem anyway, and since >> -

[oauth] Re: OAuth Security Advisory

2009-04-25 Thread Rob Richards
pkeane wrote: > > This seems like it addresses the hole adequately as long as an > attacker that cannot manipulate the callback url cannot succeed (I > think that's true...). > > Further thought on this whole thing makes me think that a one-time > only token exchange plus a non-modifiable cal

[oauth] Re: OAuth Test Page

2009-02-04 Thread Rob Richards
Hi JR, We also have a similar tool, though it's a Windows-based app. http://solutions.mashery.com/docs/tips_and_tricks/oAuth I had written it for the same exact reasons :) Rob jr conlin wrote: > Hi all, > > My apologies for being a slug and not staying on top of the OAuth > Library stuff, but