Am 21.04.2010 02:45, schrieb Evan Gilbert:
On Tue, Apr 20, 2010 at 12:57 PM, Torsten Lodderstedt
<[email protected] <mailto:[email protected]>> wrote:
Hi all,
I would like to propose an additional variant of the Web Server
Flow w/o the need for direct communication between client and
authorization server in order to obtain authorized access/refresh
tokens. Instead access and refresh tokens should directly be send
back with the redirect to the client as it is the case in the
User-Agent Flow.
Question (and sorry if I'm being dense) - what is the delta between
Web Server flow + verification_code=false and User-Agent flow?
This is not a dense question :-)
The User Agent Flow adds the data as URL fragment which is not passed to
the web server (as far as I understand). My proposal adds this data as
URL query parameters, which are passed to the web server by the user agent.
I think the delta is small in terms of specification but the benefit for
large-scale OAuth 2.0 deployments would be significant.
regards,
Torsten.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth