> -----Original Message-----
> From: Brian Eaton [mailto:[email protected]]
> Sent: Monday, January 10, 2011 2:31 PM
> To: Eran Hammer-Lahav
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Proposal to drop/relocate response_type=code_and_token
>
> On Mon, Jan 10, 2011 at 2:17 PM, Eran Hammer-Lahav
> <[email protected]> wrote:
> > In -12, I am moving back to the -05 specification structure of
> > profiles (flows).
>
> Sweet!
>
> > This means this code_and_token hybrid needs to be explained beyond
> > just the definition of the extra parameter and response format. But I
> > don't know how to describe such a profile or what the security
> > considerations for such a hybrid look like.
>
> Does this help?
>
> http://www.ietf.org/mail-archive/web/oauth/current/msg03655.html

This explains why you want the code returned in the fragment, but not why you need both code and token in the same response, as well as any differences in the token attributes,

EHL
