On Wednesday, August 31, 2011 02:05:58 PM George Fletcher wrote: > You could also use a signed JWT returned by the resource owner (web > site) to be presented to the resource server (widget provider) that the > resource server can validate (e.g. verify the signature). The JWT can > contain scopes, expiry time, etc as needed. If the widget provider needs > to access services at the resource owner, the JWT can contain an > appropriate access_token for the user.
Interesting, I was not aware of JSON Web Tokens until now. Is there a relationship to OAuth? Are they at odds or serve different purposes? Justin _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
