Hi, In the OAuth 2.0 spec, I don't see any mention of the "Allow / disallow" screen (just after the user is logged in). However, most of the OAuth providers I know (Facebook, Google, Twitter...) have such a "allow / disallow" screen.
Did I miss something in the spec ? What are the security concerns about not having such "Allow / disallow" screen ? Thanks. Best regards, Jérôme
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
