I was trying to understand that too (see "Is user agent profile secure"
thread).
The answers that I've got were:
1. It's already coded this way.
2. It's the most efficient way of doing that, because that relay.html page is
static and can be cached by a browser.
None of the answers above looks very convincing to me, but that's where UA is
now.
From: Torsten Lodderstedt <tors...@lodderstedt.net>
Can someone pls. explain why code and token should both be returned in the
fragment?
>
>
>
>regards,
>Torsten.
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
