Mis-stated perhaps, but it's highlighting a core problem we punt on at the
protocol layer. FB as the example here tries to make the friction of using a
FB login as low as possible, and so the user consent stuff is dialed down to
the very minimum of acceptable. This is the common pattern: get a user consent
and you're covered legally and then the drive is to make that consent as
minimally invasive (read effective) as possible.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth