Hi John

On Jun 29, 2012, at 1:43 AM, John Bradley wrote:

> Authenticating to the client is NOT safe with all of the flows

You are perfectly right here. At the beginning of this discussion, and reading your blog post, I was under the impression that this "attack" was tied to the use of the implicit grant flow. But this is not actually the case, as I could reproduce the same scenario against a client using the Authorization Code flow.

Regards

Antonio

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth