Hi Phil,
that's great help for anyone looking for advice how to use OAuth.
One remark: In my opinion, the decision process for authorization code
vs. implicit grant involves more parameters.
refresh token required? -- authz code
client in question is a web application? -- authz code
client
Torsten,
Thanks! Yes...I kind of omitted some of the flow decisions to keep the diagram
simpler.
I also note that there has been quite a lot of discussion on the pre-ambles to
Implicit grant, etc.
That said, I'm not sure I like binding application type (web app, javascript
app) to a
Thoughts on what makes up lightweight web services of which OAuth2 plays a
key role.
http://independentidentity.blogspot.com/2011/03/lightweight-web-services.html
Comments welcomed.
Phil
Sent from my phone.
___
OAuth mailing list
OAuth@ietf.org