W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: Widgets and OAuth or other similar redirect-based protocols

From: Jean-Yves Bitterlich <jean-yves.bitterlich@oracle.com>
Date: Mon, 1 Nov 2010 17:59:31 +0100
Message-Id: <A4BCD021-7905-4A4E-8CCA-9649490041BB@oracle.com>
To: Bryan Sullivan <blsaws@gmail.com>
Cc: Web Applications Working Group WG <public-webapps@w3.org>

On 1 Nov 2010, at 13:19, Bryan Sullivan <blsaws@gmail.com> wrote:

> Hi,
> Can anyone point to an example of how to use HTTP redirect-based protocols such as OAuth with widgets? There seem to be issues with the use of these protocols due to the difference between widgets and browser-based webapps, in particular with the two aspects:
> widgets cannot access network resources unless an access request/dependency to the domain is declared per the WARP spec. Thus any domain that is to be used in a redirect-based protocol needs to be known up-front and explicitly included per WARP.
> for widgets, there is no “origin” or at least “base” that can be used in a redirect-based protocol. All that widgets could expose for redirect purposes are relative URIs for their resources. Thus redirect protocols/designs in which one widget page makes a request which is intended to result in a redirect to another widget page, will not work
> An example of how to do this for widgets, e.g. a Twitter-enabled widget (as Twitter uses OAuth) would be very helpful.
> It does seem that applications using XHR for this (as compared to web links/anchors etc) would/should be in total control of the operation of XHR, but they would need to handle all HTTP requests and responses (including redirects).

.... That's probably where XHR reaches its limit: redirects are thought to be transparent to XHR

> Apologies in advance if this request is not clear from a technical perspective. 
> Bryan
Received on Tuesday, 2 November 2010 08:30:33 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:28 UTC