[Code] OpenId on no HTML user-agents

Andrew Arnott andrewarnott at gmail.com
Thu Feb 4 14:18:22 UTC 2010


Well, OAuth WRAP partially solves the problem because the protocol actually
has a profile that doesn't require a web browser.  It requires that the
client app collect the username+password of the user, which it then forwards
to the service provider in exchange for the WRAP token.

The downsides of this approach are that it depends on the user having a
username+password to begin with (which, if it's a pure OpenID account, or
Infocard, etc., there won't be one) and it requires the user to disclose the
password to a third party.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Thu, Feb 4, 2010 at 6:10 AM, valentino miazzo <
valentino.miazzo at blu-labs.com> wrote:

> Andrew Arnott said the following on 04/02/2010 14.48:
> > You're correct, Valentino. In OAuth, a device without a web browser on
> > it must indicate to the user to find a web browser [on another device]
> > to authorize the token.
> >
> Asking a user on the sofa (watching a Blu-ray movie) to find a web
> browser to log in and then go back is not an option. Nobody will do it.
> So, it seems OAuth has the same limits as OpenID from this point of view.
>
> Returning to solution C ... in the opinion of you, experts and founders
> of OpenID and OAuth, is there any chance that at some point OpenID
> Providers will converge on a common "submit API"?
> I already have the name: Embedded OpenID
> :)
>
> Thanks.
> Valentino
>
>
>
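
Added example (not part of the original thread): an offline Python simulation of the WRAP username/password profile described in the message above, showing that the client app handles the cleartext password and that an account with no local password cannot use the profile. The `wrap_*` parameter names follow the OAuth WRAP draft; the accounts, client id, status codes and `token_endpoint` function are constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed sample data: "carol" signs in only via OpenID, so the provider
# holds no password for her. "bluray-player" is a hypothetical client id.
ACCOUNTS = {"alice": "correct horse", "carol": None}
CLIENTS = {"bluray-player"}

def build_token_request(client_id, username, password):
    """Client side: the app itself collects the password and forwards it."""
    return urlencode({
        "wrap_client_id": client_id,
        "wrap_username": username,
        "wrap_password": password,
    })

def token_endpoint(body):
    """Simulated provider: returns (status, form-encoded response body)."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("wrap_client_id") not in CLIENTS:
        return 401, ""
    stored = ACCOUNTS.get(form.get("wrap_username"))
    supplied = form.get("wrap_password", "")
    # An account without a local password can never satisfy this profile.
    if stored is None or not secrets.compare_digest(stored.encode(), supplied.encode()):
        return 401, ""
    return 200, urlencode({
        "wrap_access_token": secrets.token_urlsafe(16),
        "wrap_access_token_expires_in": "3600",
    })

def client_saw_password(request_body, password):
    """True if the request the app assembled carries the cleartext password."""
    return parse_qs(request_body).get("wrap_password") == [password]

if __name__ == "__main__":
    req = build_token_request("bluray-player", "alice", "correct horse")
    print("request body built by the app:", req)
    print("password account:", token_endpoint(req))
    openid_only = build_token_request("bluray-player", "carol", "")
    print("OpenID-only account:", token_endpoint(openid_only))
```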