On 4/6/10 5:24 PM, "Evan Gilbert" <uid...@google.com> wrote: > Proposal: > In 2.4.1 & 2.4.2, add the following OPTIONAL parameter > username > The resource owner's username. The authorization server MUST only send back > refresh tokens or access tokens for the user identified by username. What are the security implications? How can the client know that the token it got is really for that user? EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Comments on Web Callback & Client F... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web Callback & Cli... David Recordon
- Re: [OAUTH-WG] Comments on Web Callback &... Evan Gilbert
- [OAUTH-WG] Access Token Exchange Flow Torsten Lodderstedt
- Re: [OAUTH-WG] Access Token Exchange ... Marius Scurtescu
- Re: [OAUTH-WG] Access Token Exch... Torsten Lodderstedt
- Re: [OAUTH-WG] Comments on Web Callback &... David Recordon
- Re: [OAUTH-WG] Comments on Web Callba... Brian Eaton
- Re: [OAUTH-WG] Comments on Web Callback & Cli... Eran Hammer-Lahav
- Re: [OAUTH-WG] Comments on Web Callback &... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web Callback &... Eran Hammer-Lahav
- Re: [OAUTH-WG] Comments on Web Callba... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web C... Eran Hammer-Lahav
- Re: [OAUTH-WG] Comments on Web C... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web C... John Panzer
- Re: [OAUTH-WG] Comments on Web C... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web C... Eran Hammer-Lahav
- Re: [OAUTH-WG] Comments on Web C... Evan Gilbert
- Re: [OAUTH-WG] Comments on Web C... John Panzer
- Re: [OAUTH-WG] Comments on Web C... Evan Gilbert