Non-interactive logins

John Panzer jpanzer at acm.org
Wed Jul 16 04:28:18 UTC 2008


Anders Feder wrote:
> If I'm not mistaken, OAuth requires the user to approve the
> authentication request in her browser, which is an interactive action.
>   
This is true, but this only needs to be done when obtaining an access 
token, which can be used potentially forever without further interaction 
from the user.

And of course any number of extensions could be created to obtain an 
access token via an alternate path, after which normal OAuth can be used.

> Joseph Holsten pointed me to Appendix A of the OAuth specification for
> an example. In step A.3, "The Consumer redirects Jane’s browser to the
> Service Provider User Authorization URL to obtain Jane’s approval for
> accessing her private photos."
>
> Also, OAuth appears to be more about authorization (to access a remote
> resource) than about authentication.
>
> Is there any way to operate either OpenID or OAuth entirely
> non-interactively?
>
> tir, 15 07 2008 kl. 08:38 -0700, skrev Scott Kveton:
>   
>> Hi Anders,
>>
>> You might want to check out OAuth ... it was developed for just such a
>> situation.
>>
>> - Scott
>>
>>
>>
>>
>> On Tue, Jul 15, 2008 at 4:20 AM, Anders Feder <lists.anders at feder.dk> wrote:
>>     
>>> Hello,
>>>
>>> There have been some discussion over the years about using OpenID for
>>> non-interactive logins. Can someone kindly tell me what the status is of
>>> this feature? In particular login from non-browser applications - is
>>> this currently possible (e.g. using client certificate authentication)?
>>> Thanks.
>>>
>>> --
>>> Anders Feder <lists.anders at feder.dk>
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>>
>>>       
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080715/1702f8f1/attachment-0002.htm>


More information about the specs mailing list