On Mon, Apr 19, 2010 at 8:39 AM, Eran Hammer-Lahav <[email protected]> wrote: >> The first is before redirecting the user to the callback URI. This seems >> doomed to being service provider specific, unfortunately. > > I agree. If someone wants to suggest some security consideration text that > would be good.
See page 9: http://trac.tools.ietf.org/wg/oauth/trac/attachment/wiki/SecurityConsiderations/OAuth%20WRAP%202.0%20Security%20Considerations.pdf Cheers, Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
