Why?
On 4/6/10 12:58 AM, "Brian Eaton" <[email protected]> wrote: On Tue, Apr 6, 2010 at 12:47 AM, Eran Hammer-Lahav <[email protected]> wrote: > That's the same as what I have in the draft, only with a single endpoint > instead of two. Since we already have a 'mode' parameter (which I am > renaming to 'type'), that single endpoint can speak more than one flow. Note that the discovery flow I outlined only works for rich clients, and is completely insecure for other types of clients. In another thread Leif mentioned similar concerns. I think they are justified. Cheers, Brian
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
