[OAUTH-WG] OAuth Signature Draft Pre 00

2010-08-24 Thread Nat Sakimura
Hi. It has been a few weeks since then I volunteered to do this work. I have written up to this pre 00 draft then have been doing some reality checks on some script languages etc. No. This pre-00 draft is far from being feature complete. I still need to copy and paste the Magic Signatures text et

Re: [OAUTH-WG] survey: token revocation design options

2010-08-24 Thread Marius Scurtescu
+2 1c introduces one more token that needs to be managed, both by the client and by the server. 1a/b/c has one more issue, tokens are more exposed than usual and if revocation fails this can be problematic. Both access and refresh tokens should be revocable, right? Thanks, Marius On Wed, Aug

[OAUTH-WG] comments/questions on draft 10

2010-08-24 Thread Torsten Lodderstedt
--- p.6 terminology/authorization server "A server capable of issuing tokens after successfully authenticating the resource owner and obtaining authorization. The authorization server may be the same server as the resource server, or a separate entity." Based

Re: [OAUTH-WG] survey: token revocation design options

2010-08-24 Thread Torsten Lodderstedt
On 24.08.2010 23:39, Marius Scurtescu wrote: +2 1c introduces one more token that needs to be managed, both by the client and by the server. 1a/b/c has one more issue, tokens are more exposed than usual and if revocation fails this can be problematic. Both access and refresh tokens should b

Re: [OAUTH-WG] comments/questions on draft 10

2010-08-24 Thread David Recordon
Giving scope basic structure (space delimited) allows any app developer to store a list of scopes which they have and compare any desired scopes to that list. While the meaning of each scope is not standardized, it allows for this sort of simple operation on scope. 5.2.1 also defines how a protec