On Mon, Feb 28, 2011 at 12:16 PM, Igor Faynberg <[email protected]> wrote: > +1 > > Igor > > Torsten Lodderstedt wrote: >> >> ... >> >> I'm in favour to add the refresh token parameter to the implicit grant >> flow as it would make it more useable for native apps.
I think it is much safer to go with refresh tokens only sent indirectly through an authorization code swap. Implicit grant with refresh token also has no client secret swap and makes things worse by passing the refresh token through the browser. Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
