On Thu, Mar 31, 2011 at 4:56 PM, Phil Hunt <[email protected]> wrote:
> Done.
>
> It isn't quite what the flow shows in the earlier diagram. I was originally
> avoiding client type and trying to focus on section 4 options.
>
> But this should be a better diagram.
>
> http://independentidentity.blogspot.com/2011/03/oauth-flows-extended.html

A native app with no client secret is still advised to use the implicit grant, which is wrong IMO. The right question I think is "does the client need long term offline access"? JavaScript clients typically don't need offline access (only with the user at the browser). Some native apps and web apps could be OK with a short term offline access, one off import for example.

Marius

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
