Does the OpenID Hybrid Protocol need to be amended to mention that Hybrid should not use auto-approval for OAuth tokens?
Allen Brian Eaton wrote:
> Automatic Repeat Approvals
>
> Some service providers may wish to automatically approve OAuth access
> requests from consumers who the user has already indicated they trust.
> For example:
> Consumer sends request token request
> User is redirected to service provider approval URL.
> Service provider detects that user has approved previous access
> requests from this consumer.
> Service provider does not prompt the user for approval, and instead
> redirects the user back to the consumer.
> Consumer fetches approved access token for user.