On Mon, Jan 10, 2011 at 3:06 PM, Eran Hammer-Lahav <[email protected]> wrote: > What about the difference between the two access tokens? The one issued > directly and the one via the code? Are those the same? Same scope? Same > duration?
Same. > I think this needs to be presented as a separate profile from the user-agent > one because it will make it easier to better describe the security > consideration of each. That seems wrong, AFAICT everyone interested in implementing the user-agent profile supported the mode where a verification code is returned. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
