On Tue, Nov 2, 2010 at 2:55 PM, Olivier POITREY <[email protected]> wrote:
> Hi David, > > Thank you for adding us. The implementation was straightforward, and the > current draft of the spec is clear and easy to read. The only place where we > had to adapt a bit was the "insufficient scope" error reporting: our API > supports multiple method calls per request, and returning a global error if > only one had insufficient scope wasn't very helpful for the developers. We > solved this by simply handling insufficient scope errors at the API level. > Hi Olivier, I was reading the doc and I wanted to make my greetings. In these days I'm reading several dev doc related to OAuth2 (spec and provider services) and I've one question I'm not able to find a solution at. In the User Agent flow, I get pretty well the flow cicle, but I can't understand if it can be really used, or if it is dangerous for security problems. As far as you are one of the few giving this flow service, I wanted to ask your opinion about. If you have also some documentation, I would love to get more in touch with the low level details. -- Andrea Reginato
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
