On Mon, Apr 19, 2010 at 8:39 AM, Eran Hammer-Lahav <[email protected]> wrote:
>> The first is before redirecting the user to the callback URI.  This seems
>> doomed to being service provider specific, unfortunately.
>
> I agree. If someone wants to suggest some security consideration text that 
> would be good.

See page 9: 
http://trac.tools.ietf.org/wg/oauth/trac/attachment/wiki/SecurityConsiderations/OAuth%20WRAP%202.0%20Security%20Considerations.pdf

Cheers,
Brian
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to