On Tue, May 10, 2011 at 4:43 PM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
Hi Marius,
wrt auto-approval: how is the authorization server supposed to validated
the client's identity in a reliable way? Otherwise another application (using
the id of the legitimate client) could
: Dienstag, 10. Mai 2011 21:15
An: Doug Tangren
Cc: oauth@ietf.org
Betreff: Re: [OAUTH-WG] oauth2 implicit flow user experience
On Tue, May 10, 2011 at 6:25 AM, Doug Tangren d.tang...@gmail.com
wrote:
Hi,
I'm implementing an authorization and resource server at worked based
Nachricht-
Von: Marius Scurtescu [mailto:mscurte...@google.com]
Gesendet: Mittwoch, 11. Mai 2011 20:28
An: Lodderstedt, Torsten
Cc: oauth@ietf.org; Doug Tangren
Betreff: Re: [OAUTH-WG] oauth2 implicit flow user experience
On Tue, May 10, 2011 at 4:43 PM, Lodderstedt, Torsten
t.lodderst
@ietf.org; Doug Tangren
Betreff: Re: [OAUTH-WG] oauth2 implicit flow user experience
On Tue, May 10, 2011 at 4:43 PM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
Hi Marius,
wrt auto-approval: how is the authorization server supposed to
validated the client's identity
On Wed, May 11, 2011 at 11:44 AM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
How shall the authorization server ensure that the calling client is a
user-agent based app (i.e. a native app could impersonate an user-agent based
app)?
Through registration and redirect URI validation.
On Wed, May 11, 2011 at 3:26 PM, Lodderstedt, Torsten
t.lodderst...@telekom.de wrote:
Through registration and redirect URI validation. A native app does
not have to impersonate, they can just register a user-agent client.
Everything boils down to the user trusting the app. As Breno
Hi,
I'm implementing an authorization and resource server at worked based on the
oauth2 draft 15. A question arose about the user experience of users of an
implicit client flow. I've set a one hour expiry on access tokens but now
the question is should the client be forced to re-prompt the user
On Tue, May 10, 2011 at 6:25 AM, Doug Tangren d.tang...@gmail.com wrote:
Hi,
I'm implementing an authorization and resource server at worked based on the
oauth2 draft 15. A question arose about the user experience of users of an
implicit client flow. I've set a one hour expiry on access
: Dienstag, 10. Mai 2011 21:15
An: Doug Tangren
Cc: oauth@ietf.org
Betreff: Re: [OAUTH-WG] oauth2 implicit flow user experience
On Tue, May 10, 2011 at 6:25 AM, Doug Tangren d.tang...@gmail.com
wrote:
Hi,
I'm implementing an authorization and resource server at worked based
on the
oauth2