views:

34

answers:

1

OAuth like google OAuth. Let's put the communication between Consumer server and OAuth server aside. Let's talk about the browser side and consumer server communication, at least, browser must hold a cookie to identify the session between consumer server. Right? But, I didn't see it.

+1  A: 

Is your question how you link back what the user has done before the OAuth to afterward? If so, that's up to you to do. In the web-server flow, the user is eventually redirected back to the consumer server, with tokens from the OAuth server. This redirection causes an HTTP GET to be sent to the consumer. Any cookies that were previously set (by the consumer server) will still get sent, and this lets you map the OAUth identity to your local concept of a user.

Yuliy