+1

On 01.04.2011 03:00, Marius Scurtescu wrote:
On Thu, Mar 31, 2011 at 4:56 PM, Phil Hunt <phil.h...@oracle.com> wrote:
Done.

It isn't quite what the flow shows in the earlier diagram. I was originally 
avoiding client type and trying to focus on section 4 options.

But this should be a better diagram.

http://independentidentity.blogspot.com/2011/03/oauth-flows-extended.html
A native app with no client secret is still advised to use the
implicit grant, which is wrong IMO.

The right question I think is "does the client need long term offline access"?

JavaScript clients typically don't need offline access (only with the
user at the browser). Some native apps and web apps could be OK with a
short term offline access, one off import for example.

Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
