Dear Prabath:
But is it possible to include the the mapping between the user request and the code in the message that the AS sends to the client directly? Best Regards Brent On Wed, 9 Jan 2013 12:17:19 +0530, Prabath Siriwardena wrote: > On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou wrote: > >> Dear Prabath: >> >> Thank you very much for your responses :-) >> >> However, I am still not quite sure why the authorization code must be >> sent to the client through the RO's user-agent? > > One reason I see is, bringing the authorization code via User Agent - links the user request to the authorization code. If AS directly sends the code to the Resource Server the mapping between the user request and the code is broken. > > Thanks & regards, > -Prabath > >> Best Regards >> Brent >> >> 2013/1/9 Prabath Siriwardena : >> > Prabath > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com [3] > http://RampartFAQ.com [4] Links: ------ [1] mailto:[email protected] [2] mailto:[email protected] [3] http://blog.facilelogin.com [4] http://RampartFAQ.com
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
