On Tue, Jan 25, 2011 at 10:58 PM, Eran Hammer-Lahav <[email protected]> wrote: >> What's the difference from a conceptual point of view? In my opinion, the >> resource owners password is used for both, authenticating the resource >> owner and authorizing the token issuance. > > The resource owner is not present and therefore not being authenticated.
OK, so it turns out that in this use case the resource owner is present, and is being authenticated. They happen to be using a client other than a web browser. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
