Good deal. Thanks all for the discussion.
--
Steven
On Sat, Dec 4, 2010 at 2:31 PM, Rick Cobb rick_c...@ieee.org wrote:
> On Sat, Dec 4, 2010 at 11:44 AM, Steven Cummings estebis...@gmail.com wrote:
>> On Dec 4, 12:57 pm, Rasmus Lerdorf ras...@lerdorf.com wrote:
>>> Your 3-legged issue is very standard practice, is it not? A user will
>>> authorize a client app to act on her behalf. Once that authorization
>>> has been granted her presence is irrelevant. If she no longer wants to
>>> allow the app to act on her behalf she can revoke the access token.
>> Yes, I thought this was very straightforward too. The question was
>> more generally: outside of the redirect scenarios described in the
>> spec, are there any other common mechanisms for this async situation?
>> It's not just that the user doesn't always have to be there (duh), but
>> is it inappropriate for the user to proactively provide the grant for
>> the OAuth consumer to pick up and use later? I.e., is it
>> appropriate to decouple their temporal proximity at the oauth provider
>> altogether?
> AFAICT, that's a key use-case for OAuth. Just tell the user how long the
> authorization is for at the authorization stage -- a minute or a millennium
> is OK. To extend the canonical example, this would let you schedule a
> nightly backup of your pictures from one site to another.
> -- ReC
--
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.