You were looking for use cases for immediate without identity. I agree that *if* the client does know the user, then it should tell the server. Are you saying that if the client does not know the user it should not use immediate?
-- Dick On 2010-05-23, at 10:32 PM, Eran Hammer-Lahav wrote: > How does this work if there are two people using the same computer and the > other user is the one currently logged into the server? > > I think the client should be required to tell the server who the user is when > using immediate to avoid this problem. > > EHL > >> -----Original Message----- >> From: Dick Hardt [mailto:[email protected]] >> Sent: Sunday, May 23, 2010 8:01 PM >> To: Eran Hammer-Lahav >> Cc: Torsten Lodderstedt; OAuth WG ([email protected]) >> Subject: Re: [OAUTH-WG] 'immediate' without identity >> >> On 2010-05-23, at 8:40 AM, Eran Hammer-Lahav wrote: >>> But back to my original email, what are the use cases for 'immediate' >> without identity? >> >> >> The client may not have any indication of which user it is, but want to >> check if >> it is a user they already know. They can do a check immediate, get the token, >> then make an API call to see which user it is. >> >> This would be the case if the user has used the client, but is now on a >> different machine or has cleared cookies. >> >> -- Dick > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
