Dear All:
I have a question about Section 1.3.1, "Authorization Code", of RFC 6749, The OAuth 2.0 Authorization Framework. It says "which in turn directs the resource owner back to the client with the authorization code." Can anyone tell me why the authorization code is sent to the client through a redirection in the resource owner's agent? Are there any security implications? Is it possible to let the authorization server send the authorization code to the client directly (not through the resource owner's user-agent)?

Best Regards
Brent
