Agreed... so I started a new thread on use cases:) Here is one example.
Assume there is a client that speaks a known OAuth2 protected protocol
(e.g. PortableContacts, or something like Jabber). A user of the client
can enter the endpoint of their RS that speaks the protocol and the
client "discovers" the rest. This is kind of how Thunderbird and other
mail clients work. I would hope that OAuth2 protected application APIs
would develop so that this is possible.
Thanks,
George
On 3/17/16 2:05 PM, John Bradley wrote:
(snip)
I do have a more basic question, and that would be how the client gets
this bad RS URI.
Without nailing that down mitigating it is turning into a circular
conversation.
John B.
(snip)
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
