On Wed, Jul 14, 2010 at 2:48 PM, Torsten Lodderstedt <[email protected]> wrote:
> Yepp. That's an optimization of use case 2. That way the authz server does
> not need to store the authorization transaction's results in a database and
> there is no need to perform a second request.

The authorization server doesn't need to store the transaction results in a database regardless; the authorization code can be a signed message. The second request (as you pointed out in your original mail) is currently used to verify the client identity. Do you have a suggestion for an alternate mechanism?

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
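
Added example, not part of the original message or of any OAuth draft: a sketch of an authorization code that is itself a signed message, redeemed at the token endpoint after the client has authenticated. The claim names, the HMAC-SHA256 construction, the key and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: a secret held only by the authorization server (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"

def b64enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_code(client_id, redirect_uri, user, scope, ttl=60, now=None):
    """Authorization endpoint: pack the transaction result into the code and sign it."""
    now = int(time.time()) if now is None else now
    claims = {"cid": client_id, "uri": redirect_uri, "sub": user,
              "scp": scope, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return b64enc(payload) + "." + b64enc(tag)

def redeem_code(code, authenticated_client_id, redirect_uri, now=None):
    """Token endpoint (the second request): return the claims, or None if rejected."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = code.split(".")
        payload, tag = b64dec(payload_b64), b64dec(tag_b64)
    except ValueError:          # wrong number of parts or bad base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None             # forged or modified code
    claims = json.loads(payload)  # parsed only after the signature verified
    if now >= claims["exp"]:
        return None             # expired
    if claims["cid"] != authenticated_client_id:
        return None             # code was issued to a different client
    if claims["uri"] != redirect_uri:
        return None             # redirect URI differs from the one authorized
    return claims

if __name__ == "__main__":
    c = issue_code("client-a", "https://client.example/cb", "alice", "read")
    print(redeem_code(c, "client-a", "https://client.example/cb"))
```

A signed code removes the database lookup but not replay: enforcing single use still needs a record of redeemed codes until they expire.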
