I don't claim to fully grok what the current state of the various proposals are regarding the user agent flow, but fundamentally, shouldn't we be aiming to replicate what Twitter and Facebook are already doing?
We've already moved towards JSON as a standard format, why not go all the way and mandate either JSONP or CORS support, and explicitly build around a Javascript-centric model (since that's really what we're talking about, and that's what is deployed today). b. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth