So after signin you access another content-server served page to do the encryption before going back to the service provider?
Le 29/12/2014 10:42, Ryan Kelly a écrit : > On 29/12/2014 20:33, Rémy Hubscher wrote: >> >> Le 29/12/2014 10:31, Ryan Kelly a écrit : >>> They are encrypted by client-side javascript from the content server >> >> This is the part I didn't understand. On which resource of the >> content-server? > > The oauth provisioning page. IIRC in production this is: > > https://accounts.firefox.com/oauth/signin > > > > Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
