Well, AS could send the request along with the auth code. [email protected] 写于 2013-01-09 14:47:19:
> > On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <[email protected]> wrote: > Dear Prabath: > > Thank you very much for your responses :-) > > However, I am still not quite sure why the authorization code must be > sent to the client through the RO's user-agent? > > One reason I see is, bringing the authorization code via User Agent > - links the user request to the authorization code. If AS directly > sends the code to the Resource Server the mapping between the user > request and the code is broken. > > Thanks & regards, > -Prabath > > > > Best Regards > Brent > > 2013/1/9 Prabath Siriwardena <[email protected]>: > > Prabath > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com_______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
