Hannes Tschofenig <[email protected]> wrote on 2012-09-10 17:04:48:
> Hi Sergey,
>
> > In our case we have structured access tokens and MAC key is simply
> > treated as an extra token property
>
> Since the token is opaque to the Client a key transported inside the
> Access Token (hopefully encrypted) can only be meant for consumption
> by the Resource Server. But you are right that this is an

But in http-mac, and hot-sk, client needs to know the key to calculate MAC, contradiction?

> alternative to transporting the key from the Authorization Server to
> the Resource Server.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
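The following is an added example, not code from this thread or from the http-mac or hot-sk drafts. It sketches one arrangement in which the MAC key travels twice: sealed inside the opaque access token for the Resource Server, and beside the token in the token response for the Client. Assumptions: the field names (`mac_key`, `id`, `nonce`, `mac`), the simplified request string, a 64-byte `token_key` shared only by the Authorization Server and Resource Server, and the SHAKE-256 plus HMAC sealing, which stands in for a vetted AEAD.

```python
import hashlib, hmac, json, os

# Constructed demo. token_key (64 bytes) is shared by AS and RS only.
def _xor(ek, nonce, data):  # SHAKE-256 keystream; stand-in for a vetted AEAD
    ks = hashlib.shake_256(ek + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(token_key, claims):
    ek, mk, nonce = token_key[:32], token_key[32:], os.urandom(16)
    ct = _xor(ek, nonce, json.dumps(claims).encode())
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(token_key, token):
    ek, mk = token_key[:32], token_key[32:]
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("token failed integrity check")
    return json.loads(_xor(ek, nonce, ct))

def _mac(key_hex, nonce, method, path):  # simplified request string, not the draft's
    msg = f"{nonce}\n{method}\n{path}\n".encode()
    return hmac.new(bytes.fromhex(key_hex), msg, hashlib.sha256).hexdigest()

def issue(token_key, subject):
    """AS: the same MAC key goes inside the sealed token and beside it."""
    mac_key = os.urandom(32).hex()
    token = seal(token_key, {"sub": subject, "mac_key": mac_key})
    return {"access_token": token.hex(), "mac_key": mac_key}

def sign_request(resp, method, path, nonce):
    """Client: never parses access_token, only echoes it as the key id."""
    return {"id": resp["access_token"], "nonce": nonce,
            "mac": _mac(resp["mac_key"], nonce, method, path)}

def verify_request(token_key, auth, method, path):
    """RS: recovers the MAC key from the token, no call to the AS.
    Nonce replay tracking is omitted here."""
    try:
        claims = unseal(token_key, bytes.fromhex(auth["id"]))
    except ValueError:
        return None
    want = _mac(claims["mac_key"], auth["nonce"], method, path)
    return claims["sub"] if hmac.compare_digest(want, auth["mac"]) else None
```

The token response carrying `mac_key` in the clear has to be protected in transit, since anyone who reads it can sign requests for that token.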
