This rather implies that we're specifying running a full server on port 80 as a "stupid detector". We should tread carefully here.
> +1 for language in the spec describing how to handle this case > > On Wed, Oct 13, 2010 at 4:12 PM, Jeff Lindsay <[email protected]> > wrote: > >> Hopefully you also invalidate the token (if bearer) since it was > send over > >> an insecure channel. > > > > Excuse my naivety, but perhaps that's worth putting in the spec? _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
