Re: Widgets and OAuth or other similar redirect-based protocols

On 1 Nov 2010, at 13:19, Bryan Sullivan <blsaws@gmail.com> wrote:

> Hi,
> Can anyone point to an example of how to use HTTP redirect-based protocols such as OAuth with widgets? There seem to be issues with the use of these protocols due to the difference between widgets and browser-based webapps, in particular with the two aspects:
> widgets cannot access network resources unless an access request/dependency to the domain is declared per the WARP spec. Thus any domain that is to be used in a redirect-based protocol needs to be known up-front and explicitly included per WARP.
> for widgets, there is no “origin” or at least “base” that can be used in a redirect-based protocol. All that widgets could expose for redirect purposes are relative URIs for their resources. Thus redirect protocols/designs in which one widget page makes a request which is intended to result in a redirect to another widget page, will not work
> 
> An example of how to do this for widgets, e.g. a Twitter-enabled widget (as Twitter uses OAuth) would be very helpful.
> 
> It does seem that applications using XHR for this (as compared to web links/anchors etc) would/should be in total control of the operation of XHR, but they would need to handle all HTTP requests and responses (including redirects).

.... That's probably where XHR reaches its limit: redirects are thought to be transparent to XHR

> 
> Apologies in advance if this request is not clear from a technical perspective. 
> 
> Bryan

Received on Tuesday, 2 November 2010 08:30:33 UTC