At the moment we only HTTP binding to transport the access token (please correct me if not)..
This creates a dependency on the transport. How about creating a JWT binding for OAuth 2.0..? We can transport the access token as an encrypted JWT header parameter..? Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
