In SPOP/PKCE ยง1.1 [1] the figure and explanation have the authorization
request going to the Resource Owner and goes on to say that 'the resource
owner responds as usual, but records t(code_verifier) and the
transformation method.' That's not what the resource owner does.
I know the protocol flow
++ +---+
||--(A)-- Authorization Request ---| |
||+ t(code_verifier), t | Authorization |
|| |Endpoint |
|
Works for me. The text below needs to be fixed up to match too.
On Thu, Jan 29, 2015 at 3:14 PM, John Bradley ve7...@ve7jtb.com wrote:
How about
++ +---+
||--(A)-- Authorization Request ---| |
||
How about
++ +---+
||--(A)-- Authorization Request ---| |
||+ t(code_verifier), t | Authorization |
|| |Endpoint |
||-(B)-
Good by me.
On Thu, Jan 29, 2015 at 3:35 PM, John Bradley ve7...@ve7jtb.com wrote:
++ +---+
||--(A)-- Authorization Request ---| |
||+ t(code_verifier), t | Authorization |