[Openid-specs-ab] Facebook OAuth extension ruffles feathers, nixes user access permission

Nat Sakimura sakimura at gmail.com
Thu Feb 2 18:12:13 UTC 2012

I suppose the article is not talking about OpenID Connect at all but just
questioning why they creat yet another way of extending the access token
validity time while OAuth 2.0 has a defined way of doing it.

I can sort of understand it. Being not standard compliant to fragment is
the market is a valid strategy for the largest player.

=nat via iPhone

On 2012/02/03, at 3:02, Anthony Nadalin <tonynad at microsoft.com> wrote:

  What FB does is their business, they have created an extension that
serves their own business needs, it’s not part of OAUTH (but seems to fit
the extension model). Everyone is allowed to create extensions that they
feel are needed. I believe that they feel that OpenID Connect is too
complicated for them to implement thus they have gone their worn route.

*From:* openid-specs-ab-bounces at lists.openid.net [mailto:
openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Mike Jones
*Sent:* Thursday, February 02, 2012 9:50 AM
*To:* openid-specs-ab at lists.openid.net
*Subject:* [Openid-specs-ab] Facebook OAuth extension ruffles feathers,
nixes user access permission


Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120203/a87b814c/attachment.html>

More information about the Openid-specs-ab mailing list