[Code] OpenId on no HTML user-agents

Andrew Arnott andrewarnott at gmail.com
Thu Feb 4 13:48:49 UTC 2010


You're correct, Valentino. In OAuth, a device without a web browser on it
must indicate to the user to find a web browser [on another device] to
authorize the token.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Thu, Feb 4, 2010 at 2:17 AM, valentino miazzo <
valentino.miazzo at blu-labs.com> wrote:

> Hi,
> thanks Chris for the links but it is not clear to me how OAuth can be used
> without an HTML browser.
> Could you help me?
>
> I'm a newbie and I'm reading here
> http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html .
>
> At step 3, the user is asked to browse to
> https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=<myreqtoken>
> and the document says
> <<If your application does not have access to a browser, it must provide
> the User with the Yahoo! authorization page URL and Request Token, both
> provided in Step 2 <http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html#oauth-requesttoken>.
> Your application must provide directions for your User to manually browser
> to the URL and enter the provided Request Token. >>
> I imagine that
> https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=<myreqtoken>
> will return an HTML page where the user can permit or deny the authorization.
>
> How can a device not able to render an HTML page allow the user to
> perform that choice?
> My guess is that such a limited device can only suggest using another device
> (a PC) with an HTML browser.
> Where am I wrong?
>
> Thank you,
> Valentino
>
>
>
> Chris Messina said the following on 03/02/2010 22.42:
>
> This really is a case for using OAuth — since it was designed to take care of
> the "no-browser" use case, which OpenID is limited by.
>
> These links might help:
>
>  http://developer.yahoo.com/oauth/guide/openid-oauth-guide.html
> http://hueniverse.com/oauth/
>
>  Chris
>
> On Wed, Feb 3, 2010 at 6:58 AM, valentino miazzo <
> valentino.miazzo at blu-labs.com> wrote:
>
>> Hi,
>> I'm developing applications for Bluray players and I would like to add
>> OpenId compatibility to our applications.
>>
>> For those who don't know, a Bluray application is a sort of applet written in
>> Java 1.3 using AWT for the UI.
>> You don't have a built-in HTML browser.
>> As far as I can see, all the big OPs are assuming that the user-agent is
>> able to parse HTML.
>> Maybe this is not in the standard but it seems to be the current de-facto
>> situation.
>>
>> I see 3 solutions:
>>
>> A) we embed a 100% Java HTML browser in our applications.
>> We did some tests and existing solutions are far from perfect.
>> Glitches and issues are common.
>> Neither professional nor reliable.
>>
>> B) we use "reverse engineering" to see how the top OPs implemented their
>> forms and forge the POST request by hand in the Bluray application.
>> As an example, for myopenid we need to reverse how these URLs
>> https://www.myopenid.com/signin_submit ,
>> https://www.myopenid.com/trust_submit should be used.
>> This solution is fragile. Our application will break each time one OP
>> changes something in the POST "syntax".
>> This leads to the solution C.
>>
>> C) define in the OpenId specification how OP forms use POST to login
>> and/or change trust lists.
>> This solution is the best one because it avoids the use of an HTML
>> browser and is not prone to break suddenly.
>> Of course this solution would be beneficial for any device that can use HTTP
>> but not HTML.
>>
>> How impossible is it to have such an extension to the standard?
>> What are the problems?
>>
>> BTW, I saw a post in the BOARD ML: "Question on implementation of
>> OAUTH/OpenID for Set-top-box".
>> It covers the same problem but the thread stops without any solution.
>>
>> Thanks in advance,
>> Valentino
>> _______________________________________________
>> Code mailing list
>> Code at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-code
>>
>
>
>
> --
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
>
>