Thank you both for your fast replies.
Indeed, I was wrong when I said that the distinction between both
tokens would dramatically increase the response time. I misunderstood
the spec, as I thought that one pair Request Token -- Access Token
only granted access to one protected resource (namely,
I'll start with the IPR question. The IETF has a very simple set of rules with
regard to its IPR policies. The full rules are available at:
https://datatracker.ietf.org/ipr/about/. In general, everyone is an individual,
and most of the IPR requirements are about copyrights. There is a
Most of the major providers that I know use SSL behind netscalars too
for their login servers. Usually netscalers persist the connections
with the origin servers so there is still huge performance improvement
while securing the data in transit in the internal network.
Of course passwords still
I propose to extend the Java oauth-core library to better support
accessing protected resources, as follows. Please let me know if this
is a bad idea, or there's a better way.
In brief, I propose to add a method to OAuthClient:
/** Send a request and return the response. */
public