What is out-of-band POST?

Question

What is out-of-band POST ? I am seeing this while reading documents on OAuth.

Neither google nor bing helped much.

Update: I see it in this page. Search for out-of-band https://na1.salesforce.com/help/doc/en/remoteaccess_oauth_refresh_token_flow.htm

Answer 1

Anything "out-of-band" refers to communications that occur outside of the main protocol, in this case anything outside of the communication between the HTTP client that is logging in and the HTTP server that is authenticating the OAuth credentials.

Answer 2

I think Out-of-band in the context of OAuth means you're trying to auth from something that isn't a web browser (i.e. a desktop or mobile app), so things have to be a little clunkier.

Possible flow:

Your app tells the user to go to a web page to grant access. The web page gives the user a code, which they type into your app. Your app makes a post to the out-of-band endpoint and gets its token.

Answer 3

Out of band does not necessarily mean a change in protocol - i.e. I do not believe the term, as used here, is meant to have quite the same connotations as 'out of band' in the telecommunications space. You can have an out of band message that is still HTTP, but is submitted outside of the normal, interactive conversation between an HTTP server and an HTTP client. For example, the OAuth 2.0 Username-Password Flow includes an 'out of band' POST from the client to the server to request an access token, and it is deemed 'out of band' because, normally, the client would have first conversed with the server to get an authorization token and then requested an access token, but, in this case, authorization is already bestowed by virtue of the username/password in the request.