This assumes we support the authorization code grant type without client
authentication. See
http://www.ietf.org/mail-archive/web/oauth/current/msg06816.html and many
other contributions on the same topic
Regards
Mark
oauth-boun...@ietf.org wrote on 29/06/2011 02:15:10:
From:
Anthony
Am 30.06.2011 18:39, schrieb Eran Hammer-Lahav:
This debate has been going on for 3 years. In OAuth 1.0 it was called
token attributes. Someone just need to write a proposal. Last time I
tried, no one wanted to implement any such mechanism.
we already did
regards,
Torsten.
EHL
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
Hi all,
I just posted the new revision of the OAuth 2.0 security threat model
and considerations document as WG item
(http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-00).
We incoporated all feedback we got on the list and at IETF-80. Many
thanks to all people who have given us
Hi all,
I would like to announce that we recently launched OAuth 2.0 support in
our Security Token Service. It will be used in upcoming consumer
products (e.g. Smartphone apps).
The current implementation supports draft 10 (but is also inline with
the latest text on native apps). It has the