- From: Bryan Sullivan <blsaws@gmail.com>
- Date: Mon, 01 Nov 2010 14:19:06 +0200
- To: Web Applications Working Group WG <public-webapps@w3.org>
- Message-ID: <C8F47CDA.5C36%blsaws@gmail.com>
Hi, Can anyone point to an example of how to use HTTP redirect-based protocols such as OAuth with widgets? There seem to be issues with the use of these protocols due to the difference between widgets and browser-based webapps, in particular with the two aspects: * widgets cannot access network resources unless an access request/dependency to the domain is declared per the WARP spec. Thus any domain that is to be used in a redirect-based protocol needs to be known up-front and explicitly included per WARP. * for widgets, there is no ³origin² or at least ³base² that can be used in a redirect-based protocol. All that widgets could expose for redirect purposes are relative URIs for their resources. Thus redirect protocols/designs in which one widget page makes a request which is intended to result in a redirect to another widget page, will not work. An example of how to do this for widgets, e.g. a Twitter-enabled widget (as Twitter uses OAuth) would be very helpful. It does seem that applications using XHR for this (as compared to web links/anchors etc) would/should be in total control of the operation of XHR, but they would need to handle all HTTP requests and responses (including redirects). Apologies in advance if this request is not clear from a technical perspective. Bryan
Received on Monday, 1 November 2010 13:19:43 UTC