On Tue, Aug 3, 2010 at 9:34 PM, Luke Shepard <lshep...@facebook.com> wrote: > Hi Oleg, > > If you want to send an access token directly to the server, we have the web > server flow designed to do that. The JS redirect or Ajax call is just a more > complicated way to send the token to the server. The user-agent flow is > intended for use where the resource needs to be accessed directly from the > client - either in Javascript, or a mobile or desktop application.
Nitpick: in most cases the user-agent flow gives the client only a short lived access token, mobile or desktop apps most likely want a long lived refresh token. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth