Since the secret is bound to the token anyway, changing the access token will break the signature (unless you know that two tokens have the same secret - which implies you know the secret too).
I can add it but I'm not sure how important it is. EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Dick Hardt > Sent: Wednesday, May 26, 2010 9:39 AM > To: OAuth WG ([email protected]) > Subject: [OAUTH-WG] 5.3.1.2 Normalized String Construction > > The access token is not in the string that is signed. Is this a mistake or am > I > missing something? > > -- Dick > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
