At the moment we only HTTP binding to transport the access token (please
correct me if not)..

This creates a dependency on the transport.

How about creating a JWT binding for OAuth 2.0..? We can transport the
access token as an encrypted JWT header parameter..?


Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to