[OAUTH-WG] Comments on Web Callback & Client Flow

A few comments on the Web Server and Web Client flow from the draft 2.0 spec . Evan 2.4.1 Web Callback Flow & 2.4.2 Web Client Flow In both flows, the authorization server should be able redirect back to the callback URI without interacting

Re: [OAUTH-WG] Draft progress update

On 04/02/2010 06:07 AM, Luke Shepard wrote: On Apr 1, 2010, at 6:59 PM, Peter Saint-Andre wrote: If that's true, then how does the Authorization Server know what scope is appropriate at the Protected Resource? Does inclusion of the scope parameter require a 1:1 mapping between AS and PR, or at

Re: [OAUTH-WG] What are the OAuth design principles?

On 04/02/2010 01:57 AM, Peter Saint-Andre wrote: On 3/24/10 11:32 AM, Leif Johansson wrote: On 03/23/2010 12:00 AM, Eve Maler wrote: Since the discussion in the "OAuth after-party" seemed to warrant bringing it up, I mentioned the UMA design principles/requirements document. You can find it he

Re: [OAUTH-WG] Renaming expires to expires_in?

Ok, maybe something like "lifetime"? On Apr 5, 2010, at 12:46 PM, Paul Lindner wrote: +1 This would more closely match the nomenclature used by the oauth session extension. On Mon, Apr 5, 2010 at 9:09 AM, David Recordon > wrote: As one of our engineers was implementing a client, they got

Re: [OAUTH-WG] Renaming expires to expires_in?

+1 This would more closely match the nomenclature used by the oauth session extension . On Mon, Apr 5, 2010 at 9:09 AM, David Recordon wrote: > As one of our engineers was implementing a client, they got confused about > w

[OAUTH-WG] Renaming expires to expires_in?

As one of our engineers was implementing a client, they got confused about what was being returned by the expires parameter. Anyone object to renaming it to expires_in so that it's clear that it isn't an absolute timestamp? Thanks, --David ___ OAuth ma