On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <[email protected]> wrote:
> Dear Prabath: > > Thank you very much for your responses :-) > > However, I am still not quite sure why the authorization code must be > sent to the client through the RO's user-agent? > One reason I see is, bringing the authorization code via User Agent - links the user request to the authorization code. If AS directly sends the code to the Resource Server the mapping between the user request and the code is broken. Thanks & regards, -Prabath > > Best Regards > Brent > > 2013/1/9 Prabath Siriwardena <[email protected]>: > > Prabath > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
