Done.
Also removed ' and the authentication of the client is based on the
user-agent's same-origin policy'.
EHL
> -Original Message-
> From: Brian Campbell [mailto:bcampb...@pingidentity.com]
> Sent: Wednesday, March 02, 2011 6:05 AM
> To: Eran Hammer-Lahav
> Cc: Marius Scurtescu; OAuth
be removed or replicated throughout, but I think we might
>>> want a paragraph addressing native apps more deeply in the introduction. We
>>> don't want to give the (incorrect) impression that the implicit flow is the
>>> only or even preferred flow for native apps.
&g
even preferred flow for native apps.
> >
> > -- Justin
> > ____________
> > From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On Behalf Of Torsten
> > Lodderstedt [tors...@lodderstedt.net]
> > Sent: Monday, March 07, 2011 5:00 AM
>
8 AM
> To: Richer, Justin P.
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] slightly alternative preamble (was: Re: Draft -12
> feedback deadline)
>
> Justin has well stated my view on this. Folks here have explained how the
> flows can work for (or doesn't prohibit) a native app,
Brian: I agree with your comments if native apps are not going to be supported
in OAuth v2.
my -1 is towards dropping native app support, and your suggestion was the
easiest thread to comment on.
On 2011-03-07, at 7:15 AM, Brian Campbell wrote:
> I don't disagree with any of that, Dick. But i
; -- Justin
>
> From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On Behalf Of Torsten
> Lodderstedt [tors...@lodderstedt.net]
> Sent: Monday, March 07, 2011 5:00 AM
> To: Dick Hardt
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] slightly a
I don't disagree with any of that, Dick. But in the absence of any
specific solution or recommendation from the WG regarding native apps,
I am simply asking that the somewhat misleading text be removed from
the framework spec.
On Sun, Mar 6, 2011 at 3:12 PM, Dick Hardt wrote:
> -1
>
> Many sites
Sent: Monday, March 07, 2011 8:54 AM
> To: Torsten Lodderstedt; Dick Hardt
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] slightly alternative preamble (was:
> Re: Draft -12 feedback deadline)
>
> Agree with Torsten - having the mention in just that one
> place doesn't make sen
ubject: Re: [OAUTH-WG] slightly alternative preamble (was: Re: Draft -12
feedback deadline)
Hi Dick,
I agree with you, the OAuth standard should offer clear patterns for
native apps.
All native apps I'm familiar with use the authorization code, which is
because of its support for refresh
Hi Dick,
I agree with you, the OAuth standard should offer clear patterns for
native apps.
All native apps I'm familiar with use the authorization code, which is
because of its support for refresh tokens. But the current text of the
spec only suggests to use the implict grant flow to impleme
-1
Many sites are using OAuth (or something like it) in native apps now.
One of the objectives of having a standard is to bring best practices and
standardization to how to solve a problem rather than "a million freakin unique
snowflakes" where developers have to learn and code each mechanism
+1
Am 02.03.2011 15:05, schrieb Brian Campbell:
I propose that the "or native applications" text be dropped from the
first paragraph in section 4.2 Implicit Grant [1].
There is clearly some disagreement about what is most appropriate for
mobile/native applications and many, including myself, d
I propose that the "or native applications" text be dropped from the
first paragraph in section 4.2 Implicit Grant [1].
There is clearly some disagreement about what is most appropriate for
mobile/native applications and many, including myself, don't feel that
the implicit grant works well to sup
13 matches
Mail list logo
