OpenID/OAuth hybrid - without app pre-registration

Martin Atkins mart at degeneration.co.uk
Wed Nov 26 07:22:49 UTC 2008


Breno de Medeiros wrote:
> 
> The consumer key is an independent issue of pre-registration. Say a
> site hosts multiple apps. The realm indicates the site, the consumer
> key indicates the app. The presence of the consumer key (even in a
> scenario without pre-registration requirements) is useful to indicate
> to the user information about the request.
> 
> This turns out to be particularly important in the un-registered case,
> where the consumer could provide a descriptive key. In the case of
> registered consumers, this will probably not be used to describe the
> request in a user-visible way, but is useful for other purposes.
> 
> Making it optional actually hurts interoperability. The idea is that
> it can be a self-reported value in the case of unregistered consumers.
> 

Can you give a concrete example of what you're arguing for?

Are you imagining...

oauth.consumer_key=Martin's Amazing Social Applicatioon

or did you have something else in mind?




More information about the specs mailing list