Personally, as I’ve fired up an increasing number of native apps on the iPhone 2.0 software, I’ve been increasingly frustrated and annoyed at how many of them want my username and password, and how few of them support this kind of delegated authorization flow. Third, if the iPhone is lost or stolen, the owner of the phone could visit and disable access to their account via the Pownce iPhone app - and not need to change their password and disrupt all the other services or applications that might already have been granted access.Second, it creates room for the adoption of OpenID - or something other single sign-on solution - to be implemented at Pownce later on, since OAuth doesn’t specify how you do authentication.This might not seem like a great distinction, but if a non-Pownce developed iPhone application wanted to access or post to your Pownce account, this flow could be reused, and you’d never need to expose your credentials to that third party app First, you’re not entering your username and password into the Pownce application - you’re only entering it into the website.There are three important aspects of this: Once you click Okay, which is basically a pownce:// protocol link that will fire up Pownce.app to complete the transaction.Once successfully signed in to your account, you can grant the Pownce iPhone app permission to access your account. Pownce.app launches via an initial OAuth request here you signin to your Pownce account using your username or password (if Pownce supported OpenID, you could signin with OpenID as well).If you’re one of the lucky folks that’s been able to upgrade your iPhone (and activate it) to the 2.0 firmware, I encourage you to give the Pownce application a try, if only to see a real world example of OAuth in action (that link will open in iTunes).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |