On 3/24/2015 8:55 AM, Brian Campbell wrote:
And here's the somewhat different take on token exchange that I mentioned yesterday: https://tools.ietf.org/html/draft-campbell-oauth-sts-01
I'm unclear how your STS would work. Is your client required to go through the whole OAuth process to obtain an access token on behalf of the user before it can invoke on the STS? Or can it be granted tokens for any user out of band without user consent or user authorization?
-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth