[OSM-dev] OAuth down
Tom Hughes
tom at compton.nu
Sat Nov 19 19:28:56 GMT 2011
On 19/11/11 19:15, Pierre GIRAUD wrote:
> My concerns now are to avoid the authorization multiplication ie. to
> prevent users from being asked several times for a permission they
> already gave.
Well just carry on using the same access token that you got the first
time. You only get proliferation if you keep restarting the process by
getting a new request token, authorising it, and then converting it to
an access token.
> Shouldn't there be a mechanism that verifies that the application has
> already been authorized?
Yes - your possession of the access token and it's secret is how you
prove that you have been authorized. If you hang on to those and reuse
them then we will continue to allow you access.
> In this application [1] described here [2], once the user has
> authorized the application, he can log in again and again without
> being asked for permission unless he goes to the profile and revokes
> the authorization intentionaly.
> [1] http://facebook-auth.appspot.com/
> [2] http://facebook-python-library.docs-library.appspot.com/facebook-python/examples/oauth.html
Facebook is not directly comparable because it doesn't use OAuth as far
as I know. It uses the proprietary Facebook Connect protocol.
I don't know the details of how the Facebook protocol works, but it is
certainly possible to do what you want with OAuth.
Tom
--
Tom Hughes (tom at compton.nu)
http://compton.nu/
More information about the dev
mailing list