[API] Support xoauth_displayname parameter (or similar) for unregistered OAuth apps

[API] Support xoauth_displayname parameter (or similar) for unregistered OAuth apps

Submitted by Zach Copley on Wed, 10/27/2010 - 17:11
Issue ID:2854
Issue Category:enhancement
Component:api
Priority:normal
Status:active
Assigned:zach
Version:0.9
Milestone:1.0
Keywords:api, oauth

For OAuth client apps using StatusNet's anonymous consumer, it would be nice to allow them to set a source attribution when requesting temporary credentials.

Currently, we allow anonymous OAuth clients to send in a "source" parameter exactly like we do for HTTP basic auth. But permanently associating a source attribution with each access token would be marginally more secure and convenient for developers.

Example: Google's OAuth let's you send in and xoauth_displayname parameter. After the user has authorized the client application, the value becomes associated with the access token. Whenever a resource is accessed with that access token, the associated attribution can be displayed to the user.

See: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken

Updates

Login or Register to modify this issue, or to receive updates by email.

You can also subscribe to the RSS feed for updates to this issue.