Does https://tools.ietf.org/html/draft-ietf-oauth-spop-10 provide a way for us to replace the implicit flow with the code+proof key model? Yes, Implicit saves a round trip. This does deal nicely with some of the security concerns raised recently around how fragments are handled in the browser. -bill
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
