Whoops, turns out we were just abusing scope (ie not in the SAML sense).
Sorry; my bad.
Laurens
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi all,
I intend to submit a I-D for token revocation. Based on previous
discussions on the mailing list and here at Deutsche Telekom, I see a
couple of design options. I would like to share those options with the
WG and try to reach consensus on a single option before investing the
time to
I would like to furthermore track down the relevant use cases. Assuming
you are referring to section 5.2.1, how does your client send the access
token to the resource server? I'm asking because I think error handling
for URI query parameters, Body parameters and Authorization headers
could be
Yes, I'm talking about 5.2.1
For JSONP the user's browser is the client. It will make a request by executing
some HTML like this:
script
src=http://graph.facebook.com/me?access_token=...callback=jsonp_cb;/script
script
function jsonp_cb(response) {
if (response.error) {
// error out