Hi Bruno, thanks for your insights.
The recommendation is not only based on security considerations but just utility. As soon as one wants to integrate federated login or multi factor authentication, ROPG reaches its limits. Moreover, how do those teams implement user registration and user account recovery? In my experience, implementing this in a native experience will significantly increase cost of the implementation. Two reasons to go with the code flow. best regards, Torsten. > Am 19.02.2020 um 01:49 schrieb Bruno Brito <bhdebr...@gmail.com>: >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth