----- Original Message ----
> From: Michael D Adams <m...@automattic.com>
> If> thirdparty.com never gets the access token, thirdparty.com can never
> do anything on behalf of the user.
>
thirdparty.com never gets the access token in the scenario that Brian has
described, becuase fragment that was sent by a service provider in Location
header is not going to travel to the thirdparty.com server.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Is User Agent P... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent P... John Kemp
- Re: [OAUTH-WG] Is User Agent P... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent P... Eran Hammer-Lahav
- Re: [OAUTH-WG] Is User Agent Profi... Eran Hammer-Lahav
- Re: [OAUTH-WG] Is User Agent Profile Secure in OAuth 2.0... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent Profile Secure in OAut... Luke Shepard
- Re: [OAUTH-WG] Is User Agent Profile Secure in ... Marius Scurtescu
- Re: [OAUTH-WG] Is User Agent Profile Secure in ... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent Profile Secure in OAut... Michael D Adams
- Re: [OAUTH-WG] Is User Agent Profile Secure in ... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent Profile Secure... Brian Eaton
- Re: [OAUTH-WG] Is User Agent Profile Secure... Michael D Adams
- Re: [OAUTH-WG] Is User Agent Profile Se... Oleg Gryb
- Re: [OAUTH-WG] Is User Agent Profi... Michael D Adams
- Re: [OAUTH-WG] Is User Agent P... Oleg Gryb
