[xauth] Token typing
6 views
Skip to first unread message
Will Meyer
Apr 20, 2010, 11:09:40 PM4/20/10
to xa...@googlegroups.com
Making sure I understand this...from the spec it appears that the
token is typed as a string, the content of which is determined
(exactly) by the extender. A retriever can perform a boolean
existence check, but shouldn't assume anything about what the token
actually is (random strings, "1", whatever). Is that right?
P.S. The Retrieve call docs say "Called by an auth extender that
wishes to retrieve XAuth tokens." Should that really say retriever?
P.P.S. Excellent use of youface.com in sample code ;-)
--
You received this message because you are subscribed to the xAuth group.
To post, send email to xa...@googlegroups.com
To unsubscribe from this group, send email to
xauth+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/xauth?hl=en
token is typed as a string, the content of which is determined
(exactly) by the extender. A retriever can perform a boolean
existence check, but shouldn't assume anything about what the token
actually is (random strings, "1", whatever). Is that right?
P.S. The Retrieve call docs say "Called by an auth extender that
wishes to retrieve XAuth tokens." Should that really say retriever?
P.P.S. Excellent use of youface.com in sample code ;-)
--
You received this message because you are subscribed to the xAuth group.
To post, send email to xa...@googlegroups.com
To unsubscribe from this group, send email to
xauth+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/xauth?hl=en
Will Meyer
Apr 21, 2010, 6:22:15 AM4/21/10
to xAuth
Rabbit's post and Chris' response did a pretty good job of I think of
confirming my question. Woud be cool to get the docs updated to
clarify.
If the "token" concept is being looked at for extension (to represent
interfaces supported by the extender, for example), I'd suggest that
it would also make sense to convey a state beyond "there exists a
session between this browser and this host". For sharing nascar, it
is useful to know that the user "uses" a service, whether or not they
are actively logged in.
W
confirming my question. Woud be cool to get the docs updated to
clarify.
If the "token" concept is being looked at for extension (to represent
interfaces supported by the extender, for example), I'd suggest that
it would also make sense to convey a state beyond "there exists a
session between this browser and this host". For sharing nascar, it
is useful to know that the user "uses" a service, whether or not they
are actively logged in.
W
Reply all
Reply to author
Forward
0 new messages