besides, the user has no authorization code; the authorization server does have.
2012/9/3 Guangqing Deng <[email protected]> > Why let the user send an authorization code to the client? Let client > request an access token from authentication server using that authorization > code? If so, authentication server can’t determine whether the > authorization code is valid or not and will not issue an access token. > > > 2012/9/3 <[email protected]> > >> >> Hi,all >> I have always been unclear of one thing, why must let authorization >> server generate and issue authorization code to a client? >> Could not just let the user authorize the client directly by sending the >> client something like authorization code? >> >> Regards~~~ >> >> -Sujing Zhou >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> >> > > > -- > Guangqing Deng > > -- Guangqing Deng
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
