Can I take this as an endorsement for dropping it? It feels very experimental and should be easy to add as an extension.
As for your plan, will this work with a single authorization generating both a token and code? EHL > -----Original Message----- > From: Brian Eaton [mailto:[email protected]] > Sent: Wednesday, January 19, 2011 5:51 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Proposal to drop/relocate > response_type=code_and_token > > On Tue, Jan 11, 2011 at 4:40 PM, Brian Eaton <[email protected]> wrote: > > On Tue, Jan 11, 2011 at 1:21 PM, Eran Hammer-Lahav > <[email protected]> wrote: > >> But that's just an annoying implementation detail. > > > > Yes. The user-agent flow is a set of annoying implementation details > > that are very, very useful if you want to make the protocol efficient. > > Update: we're not planning on doing anything with code_and_token; we > think most use-cases can be met with one of three flows: > > - query string, with a code > - fragment, with a token > - HTML 5 techniques, with either. This is still a little new to standardize, > but > we'll have our libraries use HTML 5 where possible. > > Cheers, > Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
