Isn't the capability that distinguishes this flow the fact that URLs can not be more than ~500 bytes?
On Wed, May 26, 2010 at 10:13 PM, Manger, James H < [email protected]> wrote: > David, > > > This feels exactly like the sort of thing that should be a new flow. > > Why is the size of the parameters related to the fundamental capabilities > that distinguish flows (can/can't launch browser; can/can't receive > redirects; can/can't keep client secret; is/isn't registered; with/without a > user)? > > Its not that some devices have URI limits and other don't. Its just that > the size of the limits varies, which make the issue more pressing for > selected mobile phones first. Perhaps there is no chance the ~2KB URI limit > in IE will ever be exceeded -- but things like PAPE in OpenID strained > similar assumptions there. > > I guess I am just uncomfortable with the repetition between the flows. > > -- > James Manger >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
