Tuesday, August 20, 2013


The previous post mentioned cross-user access and admin access; this post covers infrastructure support for mobile devices. One of the things we discussed was expiration of access. With mobile devices and other applications, the user can be given a convenience that minimizes her login effort. For example, the authorization website where the user logs in to grant access to a client may choose to keep her signed in for a session that lasts longer than the token expiry time. Clients whose tokens have expired then need not ask the user to log in again; the site can maintain that state. Further, the user may grant access at the website for an indefinite time, or until she explicitly revokes it, so that the client can continue to have the website send redirects. Strictly speaking, this is not OAuth. It is just a convenience provisioned outside OAuth.
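The decision the authorization website makes when a client comes back with an expired token can be sketched as follows. This is an added example, not code from the original post: the class, method names, lifetimes and the simplification of handing the new token straight back with the redirect are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

TOKEN_TTL = 3600            # assumed access-token lifetime, in seconds
SESSION_TTL = 14 * 86400    # assumed site session lifetime, longer than the token

@dataclass
class AuthorizationSite:    # hypothetical model of the authorization website
    sessions: dict = field(default_factory=dict)  # session id -> (user, expires_at)
    grants: dict = field(default_factory=dict)    # (user, client) -> expiry, None = until revoked

    def login(self, user, now):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def grant(self, user, client_id, until=None):
        self.grants[(user, client_id)] = until

    def revoke(self, user, client_id):
        self.grants.pop((user, client_id), None)

    def authorize(self, session_id, client_id, now):
        """Return (action, token): 'login', 'consent' or a silent 'redirect'."""
        user, expires = self.sessions.get(session_id, (None, 0))
        if user is None or now >= expires:
            self.sessions.pop(session_id, None)   # expired or unknown session
            return ("login", None)
        key = (user, client_id)
        if key not in self.grants:
            return ("consent", None)              # never granted, or revoked
        until = self.grants[key]
        if until is not None and now >= until:
            del self.grants[key]                  # time-limited grant ran out
            return ("consent", None)
        token = {"value": secrets.token_urlsafe(24), "expires_at": now + TOKEN_TTL}
        return ("redirect", token)                # no login prompt needed

def walkthrough():
    site = AuthorizationSite()
    sid = site.login("alice", now=0)              # constructed sample user
    site.grant("alice", "mobile-app")             # access until explicit revoke
    after_expiry = site.authorize(sid, "mobile-app", now=TOKEN_TTL + 1)[0]
    site.revoke("alice", "mobile-app")
    after_revoke = site.authorize(sid, "mobile-app", now=TOKEN_TTL + 2)[0]
    return after_expiry, after_revoke
```

The site session, not the token, is what keeps the user from being prompted, so revoking the grant or ending the session at the website is what actually stops the silent renewals.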
