David, > This feels exactly like the sort of thing that should be a new flow.
Why is the size of the parameters related to the fundamental capabilities that distinguish flows (can/can't launch browser; can/can't receive redirects; can/can't keep client secret; is/isn't registered; with/without a user)? Its not that some devices have URI limits and other don't. Its just that the size of the limits varies, which make the issue more pressing for selected mobile phones first. Perhaps there is no chance the ~2KB URI limit in IE will ever be exceeded -- but things like PAPE in OpenID strained similar assumptions there. I guess I am just uncomfortable with the repetition between the flows. -- James Manger _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
