On Thu, Apr 30, 2009 at 5:38 PM, Eran Hammer-Lahav <[email protected]> wrote: > Also, do we need another value to indicate a desktop client that doesn't need > the verifier?
Will the revised protocol allow for (desktop) consumers who *don't need* the verifier or should the protocol ask for *manual input* of the verifier? If the former then maybe the attack could be done by using one of those clients who don't require the verifier ... Luca --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
