The OAuth 2.0 Device Flow for Browserless and Input Constrained Devices specification has been updated to address feedback by Security Area Director Eric Rescorla about the potential of a confused deputy attack. Thanks to John Bradley<https://twitter.com/ve7jtb> for helping work out the response to Eric and to William Denniss<https://twitter.com/WilliamDenniss> for reviewing and publishing the changes to the draft.
The specification is available at: * https://tools.ietf.org/html/draft-ietf-oauth-device-flow-09 An HTML-formatted version is also available at: * http://self-issued.info/docs/draft-ietf-oauth-device-flow-09.html -- Mike P.S. This notice was also published at http://self-issued.info/?p=1823 and as @selfissued<https://twitter.com/selfissued>.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
