Typo. On Apr 8, 2011, at 8:04, "Andrew Arnott" <[email protected]<mailto:[email protected]>> wrote:
Draft 15, section 2.1 Since requests to the authorization endpoint result in user authentication and the transmission of clear-text credentials (in the HTTP response), the authorization server MUST require the use of a transport-layer security mechanism when sending requests to the token endpoints. The authorization server MUST support TLS 1.2 as defined in [RFC5246], and MAY support additional transport-layer mechanisms meeting its security requirements. I'm confused by the fact that token endpoints must use HTTPS due to a trait of the authorization endpoint. Am I missing something here, or is this perhaps a misprint? -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre We're hiring! My team at Microsoft has 7 open slots. <http://bit.ly/fZBVUo> http://bit.ly/fZBVUo _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
