Hi, I am working on a Java implementation of the web server flow for OAuth 2.0. I've made good progress so far; however, there's something that's confusing me in the spec (v05). In section 3.6.2 "Client Requests Access Token" the 'client_secret' (per section 3.1) is required. My understanding is that this equates to, say, a password for the client. Then there's the optional 'secret_type' (as described by section 5.3). I am not understanding 1) the valid value for 'secret_type' 2) if it's related to the 'client_secret'.
I've created code to make the HMAC-256 signed data called out in 5.3, but the 5.3 stuff seems to be about attempting to access the resource after you get the access token; I'm trying to understand how it relates to 3.6.2, where the client is making the initial request for the token.
