On 6/1/11 12:20 AM, "Brian Eaton" <[email protected]> wrote: On Wed, Jun 1, 2011 at 12:15 AM, Torsten Lodderstedt <[email protected]> wrote: > I'm getting confused. This thread is about native apps. So why discuss > security considerations for web apps here? They overlap because they both use refresh tokens. =/ When people propose changes that impact refresh tokens, it impacts both flows and we need to be careful it doesn't create new problems. For example: Chuck proposed returning a refresh token on the implicit grant type, for use by native apps. That would screw up the security considerations for javascript web apps that rely on the implicit grant type. Not entirely what I'm suggesting, but looking back I wasn't clear. My Bad. See my description of what we currently support that I just sent. -cmort _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
