tags:

views:

34

answers:

2
+1  Q: 

OAuth for Desktop apps?

i wonder how do desktop apps without any domain names use oauth? or is it not supposed to be used this way? if so what do i use? say for tumblr they have an authentication api so i will have to put the username and password in the url/query string?

i am thinking of using WPF/Adobe AIR. how does something like tweetdeck work?

A: 

You should start by reading about getting started with OAuth. Eventually, even a desktop application will open a browser window to authenticate the user - TweetDeck and other Twitter clients do this, as you've probably noticed.

Tumblr, in your example, doesn't use OAuth but rather basic authentication that is being performed via simple HTTP web requests.

Dennis Delimarsky  2010-09-19 03:28:57
but if a desktop opens a browser window to authenticate it wont really be on a domain which is required to create an app with oauth right. i will read the link tho
jiewmeng  2010-09-19 03:36:45
It will actually be a domain that can confirm the OAuth token. To give you an example of a real-world OAuth powered service (other than Twitter), take a look at Vimeo: http://vimeo.com/api/docs/oauth
Dennis Delimarsky  2010-09-19 03:52:54
hmm, i notice that but how does my domain come into play? eg. my app will call my domain to authenticate the request or something? Sorry, i am a little confused
jiewmeng  2010-09-25 05:43:37
A: 

Twitter doesn't want users entering their credentials into your application. So at some point the desktop app will need to open a browser window through which Twitter can authenticate their users and return an access token representing the user. From that point the desktop app can use the access token to represent the user in all subsequent API calls to Twitter.

Addys  2010-09-21 16:13:11
Ok I understand the point of opening a browser, but if the call was made from a desktop app with no domain name, what do I enter for the domain name when registering? even if I have a domain name, what is the relation between the desktop app and the domain name? Like must the app make a request to that domain name or something?
jiewmeng  2010-09-22 00:09:08
your application will issue a call to Twitter - it is Twitter's auth mechansim which will accept the user's credentials and return a token. Depending on Twitter's implementation, you *may* need to provide a callback URL which Twitter can use to return control to your application once the user has completed the authentication flow. Does that help?
Addys  2010-10-03 14:28:29

related questions

XSRF protection in an AJAX style app
Can OAuth be used to schedule Twitter status updates in the future?
2 legged oauth - looking for information
How to get Uri.EscapeDataString to comply with RFC 3986
OAuth - lexicographical byte value ordering in c#
OpenID authentication from an installed application
What is excatly the technology stack defining Web APIs?
Problem with Google Hybrid Protocol (OpenID + OAuth) Demo
How to integrate google's Step2 with acegi security in the Grails Framework?
OAuth alternative?
OAuth? ,OpenID? Neither? Which one should my site support?
Twitter oAuth callbackUrl - localhost development
Example of a good Webservice
Sorting by key and value in case keys are equal
What does the oauth guide mean by "8 bit array"?
Using OAuth for server-to-server authentication?
Getting 401 on Twitter OAuth POST requests
How do I develop against OAuth locally?
Can OAuth work with mobile phone applications?
Security of REST authentication schemes
How do you manage api keys
How can I verify a Google authentication API access token?
How do you debug an ASP.Net application accessing an OAuth secured API?
oAuth REST and C# What's the missing piece
PHP Tutorial for OpenId and OAuth