On Thu, Apr 1, 2010 at 9:02 PM, Eran Hammer-Lahav <[email protected]> wrote: > But providing a half baked flow that is short enough to just replicate where > needed and cannot be fully implemented by generic libraries doesn’t really > offer much.
I think this is similar to the scope parameter argument, that libraries cannot really use an opaque scope. OAuth libraries will neither generate nor consume the assertions, the assertion itself can be opaque. The client application needs to obtain an assertion somehow, this is out of scope, then pass it to a library and the library can use it as is, pass it to the Authorization Server and deal with the response. Works perfectly fine IMO. Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
