I was trying to understand that too (see "Is user agent profile secure" thread). The answers that I've got were:
1. It's already coded this way. 2. It's the most efficient way of doing that, because that relay.html page is static and can be cached by a browser. None of the answers above looks very convincing to me, but that's where UA is now. From: Torsten Lodderstedt <tors...@lodderstedt.net> Can someone pls. explain why code and token should both be returned in the fragment? > > > >regards, >Torsten. >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth