W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Widgets and OAuth or other similar redirect-based protocols

From: Bryan Sullivan <blsaws@gmail.com>
Date: Mon, 01 Nov 2010 14:19:06 +0200
To: Web Applications Working Group WG <public-webapps@w3.org>
Message-ID: <C8F47CDA.5C36%blsaws@gmail.com>
Can anyone point to an example of how to use HTTP redirect-based protocols
such as OAuth with widgets? There seem to be issues with the use of these
protocols due to the difference between widgets and browser-based webapps,
in particular with the two aspects:
* widgets cannot access network resources unless an access
request/dependency to the domain is declared per the WARP spec. Thus any
domain that is to be used in a redirect-based protocol needs to be known
up-front and explicitly included per WARP.
* for widgets, there is no ³origin² or at least ³base² that can be used in a
redirect-based protocol. All that widgets could expose for redirect purposes
are relative URIs for their resources. Thus redirect protocols/designs in
which one widget page makes a request which is intended to result in a
redirect to another widget page, will not work.

An example of how to do this for widgets, e.g. a Twitter-enabled widget (as
Twitter uses OAuth) would be very helpful.

It does seem that applications using XHR for this (as compared to web
links/anchors etc) would/should be in total control of the operation of XHR,
but they would need to handle all HTTP requests and responses (including

Apologies in advance if this request is not clear from a technical

Received on Monday, 1 November 2010 13:19:43 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:28 UTC