me too
On Aug 9, 2010, at 12:59 PM, Luke Shepard wrote: > I like Brian's solution. > > On Aug 9, 2010, at 11:32 AM, David Recordon wrote: > >> The thread wondered a bit but Brian's summary here seems to be what most >> people were advocating for. Is there enough consensus to have Draft 11 >> reflect it? >> >> Thanks, >> --David >> >> >> On Wed, Jul 14, 2010 at 10:04 AM, Brian Eaton <[email protected]> wrote: >> I can't parse this diagam, but here's my take: >> >> - web server flow should always return just a code. >> parameter always goes in the query string >> it would be sort of reasonable to have the code exchange return >> just an access token, instead of a refresh token and an access token. >> Or a refresh token with a shorter lifetime than indefinite. >> >> - user-agent flow can reasonably return either just a token, or a >> token and a code >> both parameters always go in the fragment, to avoid busting the browser >> cache >> same comments about lifetime of refresh tokens... >> >> Cheers, >> Brian >> >> On Wed, Jul 14, 2010 at 5:10 AM, Eran Hammer-Lahav <[email protected]> >> wrote: >> > Please answer this based on actual use cases. When returning parameters >> > using the redirection URI call, which of these combinations make sense? >> > >> > | Code | Token | Code & Token >> > ---------+------+-------+-------------- >> > Fragment | a | 1 | 3 >> > Query | 2 | b | c >> > Split* | n/a | n/a | d >> > >> > * token in fragment, code in query >> > >> > Known use cases: >> > >> > 1 - current user-agent flow >> > 2 - current web-server flow >> > 3 - as described by Brian and Naitik >> > >> > Do you need any of these? >> > >> > a - >> > b - >> > c - >> > d - current -10 code-and-token proposal >> > >> > EHL >> > >> > _______________________________________________ >> > OAuth mailing list >> > [email protected] >> > https://www.ietf.org/mailman/listinfo/oauth >> > >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
