On Wed, Jan 9, 2013 at 12:22 PM, cspzhouroc <[email protected]> wrote:

> Dear Prabath:
>
>
>
> But is it possible to include the mapping between the user request and
> the code in the message that the AS sends to the client directly?
>

Nope.. We need the mapping between the request and code.. Adding a user name
or any identifier to the message sent from the AS to the Client won't help,
because the browser request has to identify itself.

Thanks & regards,
-Prabath

>
>
> Best Regards
>
> Brent
>
>
>
> On Wed, 9 Jan 2013 12:17:19 +0530, Prabath Siriwardena wrote:
>
>
>
> On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <[email protected]> wrote:
>
>> Dear Prabath:
>>
>> Thank you very much for your responses :-)
>>
>> However, I am still not quite sure why the authorization code must be
>> sent to the client through the RO's user-agent?
>>
> One reason I see is, bringing the authorization code via User Agent -
> links the user request to the authorization code. If AS directly sends the
> code to the Resource Server the mapping between the user request and the
> code is broken.
>
> Thanks & regards,
> -Prabath
>
>
>>
>> Best Regards
>> Brent
>>
>> 2013/1/9 Prabath Siriwardena <[email protected]>:
>> > Prabath
>>
>
>
>
>  --
> Thanks & Regards,
> Prabath
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
>
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
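
The binding discussed in this thread, as an added example that is not part of the original messages: a toy client showing that a code delivered through the browser arrives with that browser's session cookie, while a code pushed directly by the AS, even with a user name attached, matches no session. The `Client` class, its method names, and the cookie-based session model are assumptions made for illustration.

```python
import secrets

class Client:
    """Toy OAuth client (web app). All names here are constructed for illustration."""

    def __init__(self):
        self.sessions = {}   # browser session cookie -> authorization code (or None)
        self.pushed = []     # codes received directly from the AS, outside any session

    def start_login(self):
        # Browser visits the client; client issues a cookie, then redirects to the AS.
        cookie = secrets.token_hex(8)
        self.sessions[cookie] = None
        return cookie

    def redirect_callback(self, cookie, code):
        # Front channel: the AS redirect is followed by the browser, so the request
        # that carries the code also carries that browser's cookie.
        if cookie not in self.sessions:
            return False
        self.sessions[cookie] = code
        return True

    def direct_push(self, code, username):
        # Hypothetical back-channel delivery: AS -> client, no browser in the path.
        self.pushed.append((username, code))

    def candidates_for(self, username):
        # The client never authenticated the browsers itself, so a username on the
        # pushed message matches no cookie: every pending session is a candidate.
        if not any(u == username for u, _ in self.pushed):
            return []
        return [c for c, code in self.sessions.items() if code is None]


def run_demo():
    client = Client()
    alice, bob = client.start_login(), client.start_login()

    # Via the user agent: alice's browser delivers the code with its own cookie.
    client.redirect_callback(alice, "code-for-alice")
    bound = client.sessions[alice]

    # Direct delivery with a username: bob's session is still pending and a third
    # pending browser appears; the client cannot tell which one is "carol".
    carol = client.start_login()
    client.direct_push("code-for-carol", "carol")
    ambiguous = client.candidates_for("carol")
    return bound, sorted(ambiguous) == sorted([bob, carol])
```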
