How can they both be logged in? I have never seen a case where two users can be 
both logged in to the same service at the same time...

EHL


On 4/19/10 8:33 AM, "Evan Gilbert" <[email protected]> wrote:

More details on this enhancement.

Goal: Make sure you get an access token for the right user in immediate mode.

Use case where we have problems if we don't have username parameter:

 1.  Bob is logged into a web site as [email protected].
 2.  Mary (his wife) is logged into IDP on the same computer as [email protected]
 3.  A request is made to get an access token via the User-Agent flow in 
immediate mode (or with any redirect without prompting the user)
 4.  Bob now has an access token for Mary and (posts activities, schedules 
events, gets contacts) as Mary
 5.  Hilarity ensues

Secondary goal: Provide a hint for non-immediate mode

On Thu, Apr 15, 2010 at 11:55 AM, Eran Hammer-Lahav <[email protected]> wrote:
Evan Gilbert proposed a 'username' request parameter to allow the client to
limit the end user to authenticate using the provided authorization server
identifier. The proposal has not been discussed or supported by others, and
has not received a security review.

Proposal: Obtain further discussion and support from others, as well as a
security review of the proposal. Otherwise, do nothing.

EHL

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
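
The use case in the quoted message, as an added example that is not part of the original thread or of any OAuth draft: a toy authorization-server decision for an immediate-mode request, with and without the proposed `username` parameter. The function name, outcome labels and addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Decision:
    outcome: str                      # hypothetical outcome label
    subject: Optional[str] = None     # user the access token is issued for
    access_token: Optional[str] = None


def authorize(idp_session_user: Optional[str], immediate: bool,
              username: Optional[str] = None) -> Decision:
    """Toy authorization-server decision for a User-Agent flow request.

    idp_session_user: who is currently logged in at the IdP (None if nobody).
    username: the proposed request parameter naming the user the client expects.
    """
    if not immediate:
        # Non-immediate mode: the server may prompt, so username is only a hint.
        return Decision("prompt_user", subject=username)
    if idp_session_user is None:
        return Decision("login_required")
    if username is not None and username != idp_session_user:
        # Immediate mode cannot ask the user to switch accounts, so refuse.
        return Decision("user_mismatch")
    return Decision("token_issued", idp_session_user, secrets.token_urlsafe(16))


# Constructed scenario from the thread: Bob uses the web site while
# Mary's IdP session is the active one on the shared computer.
SITE_USER = "bob@example.com"
IDP_USER = "mary@example.com"


def demo():
    without_param = authorize(IDP_USER, immediate=True)
    with_param = authorize(IDP_USER, immediate=True, username=SITE_USER)
    return without_param, with_param


if __name__ == "__main__":
    for decision in demo():
        print(decision.outcome, decision.subject)
```

Without the parameter the token is issued for whoever holds the IdP session; with it, the mismatch is caught before any token exists.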

