On Wed, Jan 9, 2013 at 12:27 PM, <[email protected]> wrote: > > Well, AS could send the request along with the auth code. >
Not quite that will be useful.. It will be a new request that when user is directed from AS to the client. That request should identify it self. Thanks & regards, -Prabath > > [email protected] 写于 2013-01-09 14:47:19: > > > > > > On Wed, Jan 9, 2013 at 12:09 PM, Peng Zhou <[email protected]> wrote: > > Dear Prabath: > > > > Thank you very much for your responses :-) > > > > However, I am still not quite sure why the authorization code must be > > sent to the client through the RO's user-agent? > > > > One reason I see is, bringing the authorization code via User Agent > > - links the user request to the authorization code. If AS directly > > sends the code to the Resource Server the mapping between the user > > request and the code is broken. > > > > Thanks & regards, > > -Prabath > > > > > > > > Best Regards > > Brent > > > > 2013/1/9 Prabath Siriwardena <[email protected]>: > > > Prabath > > > > > > > -- > > Thanks & Regards, > > Prabath > > > > Mobile : +94 71 809 6732 > > > > http://blog.facilelogin.com > > http://RampartFAQ.com_______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
