Re: [OAUTH-WG] questions about implicit grant

Dan Taflin <dan.taflin@gettyimages.com> Tue, 15 November 2011 20:26 UTC

I’ve spent the last couple months trying to answer this question myself (even posted on Stack Overflow, http://stackoverflow.com/questions/7522831/what-is-the-purpose-of-the-implicit-grant-authorization-type-in-oauth-2), and here’s the best answer I can come up with: it’s a great solution for someone like, say, Facebook or Twitter to be able to hand out a blob of javascript and say, “Here, put this on your web page to enable users to like/tweet/post on their account.” The 3rd-party web site doesn’t have to write a lick of oauth code to manage the authorization process – the access token just magically becomes available in the javascript code.

Dan

On 11/15/11 10:28 AM, "John Joseph Bachir" <j@jjb.cc> wrote:

Okay, so I think the basic thing I'm not getting is: what's the use case for a javascript client? Googling doesn't help much here...
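
The "magic" in the reply above is the authorization server redirecting the browser back with the token in the URL fragment, where page script can read it. The following is an added example, not part of the original messages or of any provider's script, showing that script-side step with the `state` check a client should make; the function name, URLs, token and state values are constructed, and accepting only `bearer` tokens is an assumption.

```javascript
// Constructed sample redirects (RFC 6749 section 4.2.2 response format).
const SAMPLE_OK =
  "https://widget.example/cb#access_token=SAMPLE-TOKEN&token_type=Bearer" +
  "&expires_in=3600&scope=like%20post&state=xyz123";
const SAMPLE_DENIED = "https://widget.example/cb#error=access_denied&state=xyz123";
const SAMPLE_NO_TYPE = "https://widget.example/cb#access_token=SAMPLE-TOKEN&state=xyz123";

// Parse an implicit-grant redirect. expectedState is the random value this
// page stored before sending the user to the authorization server.
function parseImplicitResponse(redirectUrl, expectedState) {
  // The fragment is never sent to the web server; only page script sees it.
  const fragment = new URL(redirectUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);

  // Check state first, so a response this page never asked for is rejected
  // before any token in it is used.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  if (params.has("error")) {
    return { ok: false, reason: params.get("error") };
  }
  const token = params.get("access_token");
  const type = (params.get("token_type") || "").toLowerCase();
  if (!token || type !== "bearer") {
    return { ok: false, reason: "malformed_response" };
  }
  const expiresIn = Number.parseInt(params.get("expires_in") || "", 10);
  return {
    ok: true,
    accessToken: token,
    expiresIn: Number.isFinite(expiresIn) ? expiresIn : null,
    scope: (params.get("scope") || "").split(" ").filter(Boolean),
  };
}

// In a browser the call would be (sessionStorage key is hypothetical):
//   parseImplicitResponse(location.href, sessionStorage.getItem("oauth_state"));
//   history.replaceState(null, "", location.pathname + location.search);
// The second line drops the fragment so the token does not stay in the URL.
```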