I wonder how callback parameters are handed back to the calling app.
Nat
2015年6月9日火曜日、Leah Culverleah.cul...@gmail.comさんは書きました:
This is the best news I've heard all year (if it does work well for OAuth).
On Mon, Jun 8, 2015 at 3:16 PM, Aaron Parecki aaron.pare...@gmail.com
javascript:_e(%7B
Thanks Dick.
OIDF is also trying to write a white paper why in-app browser for this purpose
is a bad idea.
=nat via iPhone
2015/05/09 4:28、Dick Hardt dick.ha...@gmail.com のメッセージ:
Glad to know I was not missing something.
I explained all the logic in my first response to the reviewer
://tools.ietf.org/html/draft-sakimura-oauth-meta-03
Needless to say, OAuth can be used to protect RESTful service after it has
gotten the tokens. That's what it was designed for.
My 2c.
Nat
2014-07-09 7:42 GMT+09:00 Jørn Wildt j...@fjeldgruppen.dk:
Could you please elaborate a bit on that question? Its
use on?
What I'm suggesting is that perhaps the use case could be satisfied with
existing spec flows and bespoke use of scope fields, with single use access
tokens.
- Reply message -
From: Nat Sakimura sakim...@gmail.com
To: oauth@googlegroups.com oauth@googlegroups.com
Subject
...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
--
You received this message because you are subscribed to the Google Groups
OAuth group.
To unsubscribe from this group and stop
That can be interesting.
2014-05-22 10:47 GMT+09:00 Fajar Ardian fajar...@gmail.com:
Thanks, Nat.
I am thinking of adding a new flow to OAuth 2.0 protocol. After the web
application sends the tweet to twitter, twitter returns a response saying
that it will process the request only after
receiving emails from it, send an
email to oauth+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
--
You received this message because you are subscribed
this message because you are subscribed to the Google Groups
OAuth group.
To unsubscribe from this group and stop receiving emails from it, send an
email to oauth+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Nat Sakimura (=nat
Use OpenID Connect. It is a profile of OAuth that does SSO.
Google, Microsoft, Salesforce, AOL, etc. have announced the support for it.
Some have already deployed the draft version of it.
Do not create your own.
Nat
2013/3/5 Brice Fraboulet fraboulet.br...@gmail.com
Hi Jolly,
OAuth is used
Hi Steve,
Actually, the OAuth 2.0 Core and Bearer specs were approved by IESG to be
sent to RFC Editor as of today.
That means, it is essentially done.
Nat
On Wed, Aug 1, 2012 at 3:02 PM, Steven WIllmott stev...@gmail.com wrote:
Hi Hannes,
Thanks for your answer - I can definitely
There is one glitch to be sort out: the mime type for form encoding is not
IANA registered. It should be registered by W3C.
However, I expect it to be sort out pretty quickly.
Hannes, do you have any comment?
Nat
On Thu, Aug 2, 2012 at 10:55 AM, Steven WIllmott stev...@gmail.com wrote:
Hi Nat
So it has moved on to IETF from oauth.org.
Google, Facebook among others have been implementing OAuth 2.0 various
revisions to this date.
OAuth 2.0 in IETF is near its completion.
Best,
Nat
On Tue, Mar 20, 2012 at 4:16 AM, SunboX fiedler.an...@googlemail.comwrote:
Last Blog-Post on oauth.net
!
=nat
On Wed, 10 Jun 2009 08:44:06 -0700 (PDT), Zhihong zhih...@gmail.com
wrote:
SimpleSign had the same key rotation issue. Their solution is to add
another Based-64 encoded KeyInfo. That's problematic for us because
KeyInfo is part of XMLDSig and it's not trivial to process without a
library
that this is simple enough?
I would appreciate your insight/opinion/input into this matter.
Best,
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
OAuth group.
To post
On Thu, Apr 30, 2009 at 7:05 AM, Blaine Cook rom...@gmail.com wrote:
On Wed, Apr 29, 2009 at 3:46 PM, Nat Sakimura sakim...@gmail.com wrote:
The other approach is to make it clear that OAuth is Grant (S:V:Data to C:*)
so that the users will be fully aware of the consequence. That will keep
, which, he
probably would not.
=nat
And yes, making request tokens one-time only is a MUST, IMHO.
--
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
He realized the fastest way to change is to laugh at your own
=...@san Francisco via iPhone
On 2009/04/26, at 5:38, John Kemp j...@jkemp.net wrote:
On Apr 26, 2009, at 12:32 AM, Nat Sakimura wrote:
I agree that 2. test(B==C) , i.e., verify that the user at B is the
same user at C is
not the same as 2b. min Prob(B!=C).
The former is clearly more
,
assuming OpenID AuthN is safe enough. For example, make
verified_identifier a part of tokens. Then, user AuthN at the
SP can be done automagically by browser redirect.
=nat
On Sat, Apr 25, 2009 at 8:26 PM, pkeane pjke...@gmail.com wrote:
Sorry:
Almost all of the proposed solution attempt
binding would be preferable over the
current GET/POST binding.
=nat
On Sat, Apr 11, 2009 at 11:14 AM, Allen Tom a...@yahoo-inc.com wrote:
The problem with having the client directly submit the username/password to
the SP is that it requires OAuth Service Providers to have passwords
19 matches
Mail list logo