Congrats on the API launch! You probably saw it coming (clearly, as
indicated by the note in the docs about authorization) I'd love to see
you guys use OAuth. Not only would it be good for OAuth, but it really
would save a bunch of work for you, longer term, as we already have
OAuth libraries for C#, Objective-C, Javascript, PHP, Perl, Python,
ColdFusion, Java, and Ruby:
Additionally, your remote key approach is actually similar to the
mobile-compatible flow in OAuth. You probably wouldn't need to even
change all that much (from a completely ignorant perspective) given
your current approach.
And, given that the core author of the OAuth spec is already on this
list (EHL), I think you'd have whatever support you need to make it
happen. ;)
The main thing preventing it for this launch was some of the storage requirements and a lot of the places where app registration was assumed (even though it is not technically required, most libraries assume it exists). It is what I am working on next. EHL has been giving us guidance for some of our decisions. I hope to have a version for experts like you and EHL to review next week.
Bret
On Tue, Mar 25, 2008 at 6:42 PM, Chris Messina <chris.mess...@gmail.com> wrote:
> Congrats on the API launch! You probably saw it coming (clearly, as > indicated by the note in the docs about authorization) I'd love to see > you guys use OAuth. Not only would it be good for OAuth, but it really > would save a bunch of work for you, longer term, as we already have > OAuth libraries for C#, Objective-C, Javascript, PHP, Perl, Python, > ColdFusion, Java, and Ruby:
> Additionally, your remote key approach is actually similar to the > mobile-compatible flow in OAuth. You probably wouldn't need to even > change all that much (from a completely ignorant perspective) given > your current approach.
> And, given that the core author of the OAuth spec is already on this > list (EHL), I think you'd have whatever support you need to make it > happen. ;)
> The main thing preventing it for this launch was some of the storage
> requirements and a lot of the places where app registration was assumed
> (even though it is not technically required, most libraries assume it
> exists). It is what I am working on next. EHL has been giving us guidance
> for some of our decisions. I hope to have a version for experts like you and
> EHL to review next week.
> Bret
> On Tue, Mar 25, 2008 at 6:42 PM, Chris Messina <chris.mess...@gmail.com>
> wrote:
> > Hey Bret et al,
> > Congrats on the API launch! You probably saw it coming (clearly, as
> > indicated by the note in the docs about authorization) I'd love to see
> > you guys use OAuth. Not only would it be good for OAuth, but it really
> > would save a bunch of work for you, longer term, as we already have
> > OAuth libraries for C#, Objective-C, Javascript, PHP, Perl, Python,
> > ColdFusion, Java, and Ruby:
> > Additionally, your remote key approach is actually similar to the
> > mobile-compatible flow in OAuth. You probably wouldn't need to even
> > change all that much (from a completely ignorant perspective) given
> > your current approach.
> > And, given that the core author of the OAuth spec is already on this
> > list (EHL), I think you'd have whatever support you need to make it
> > happen. ;)
That's awesome news. Another +1 here. We've already worked through a
number of OAuth implementations, and I'd be happy to give feedback on
any user experience questions on making the oauth dance as smooth as
possible.
On Mar 25, 6:46 pm, "Bret Taylor" <btay...@gmail.com> wrote:
> The main thing preventing it for this launch was some of the storage
> requirements and a lot of the places where app registration was assumed
> (even though it is not technically required, most libraries assume it
> exists). It is what I am working on next. EHL has been giving us guidance
> for some of our decisions. I hope to have a version for experts like you and
> EHL to review next week.
> Bret
> On Tue, Mar 25, 2008 at 6:42 PM, Chris Messina <chris.mess...@gmail.com>
> wrote:
> > Hey Bret et al,
> > Congrats on the API launch! You probably saw it coming (clearly, as
> > indicated by the note in the docs about authorization) I'd love to see
> > you guys use OAuth. Not only would it be good for OAuth, but it really
> > would save a bunch of work for you, longer term, as we already have
> > OAuth libraries for C#, Objective-C, Javascript, PHP, Perl, Python,
> > ColdFusion, Java, and Ruby:
> > Additionally, your remote key approach is actually similar to the
> > mobile-compatible flow in OAuth. You probably wouldn't need to even
> > change all that much (from a completely ignorant perspective) given
> > your current approach.
> > And, given that the core author of the OAuth spec is already on this
> > list (EHL), I think you'd have whatever support you need to make it
> > happen. ;)
