On Mon, Nov 2, 2009 at 7:06 AM, John Kristian <jmkrist...@gmail.com> wrote: > > The access token indicates the user on whose behalf a consumer is > acting, when the consumer sends a request to a service provider. (A > single consumer may act on behalf of many users, concurrently.) > > Some service providers store information inside tokens. For example, > an access token may contain the database key of the user who > authorized it. To enable this, the access token must be issued after > the user has been authenticated.
Thanks for the responses. I guess my question is: if the Service Provider already knows the Consumer is authorized to access a resource, why does it also need an Access Token? > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---