-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2011-06-28 18:05, Brian Campbell wrote:
invalid_grant seems like the appropriate error as the username and
password are the grant in the context of the Resource Owner Password
Credentials flow/grant type.
What should the HTTP status code be?
Hi,
we are implementing a service that will allow users sign in using their
account on an external OAuth 2.0 provider (a certain well-known social
network). But there is a twist: my service consists of a mobile app and
a web service. The mobile app needs to authenticate its user to the app
Thank you all for your advice, that was very helpful. The general
pattern seems to be similar to what I had in mind.
It would really help to have this documented properly. I would think it
is an increasingly common scenario.
Cheers,
Marcus
___
OAuth
