2 is a must have from my point of view.
I would also like to see support for b. In this case, additional means
for client authentication should be considered.
regards,
Torsten.
Please answer this based on actual use cases. When returning parameters
using the redirection URI call, which of these combinations make sense?
| Code | Token | Code& Token
---------+------+-------+--------------
Fragment | a | 1 | 3
Query | 2 | b | c
Split* | n/a | n/a | d
* token in fragment, code in query
Known use cases:
1 - current user-agent flow
2 - current web-server flow
3 - as described by Brian and Naitik
Do you need any of these?
a -
b -
c -
d - current -10 code-and-token proposal
EHL
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth