In an OAuth2 request, the access token is passed along in the header, with
nothing else.
As I understand it, OAuth2 was designed to be simple for everyone to use.
And while that's true, I don't really like how all of the security is
reliant on SSL.
What if an attack can strip away SSL using a to
in question first if
> you think they have a vulnerability.
>
> --------------
> *From:* L. Preston Sego III
> *To:* oauth@ietf.org
> *Sent:* Thursday, January 31, 2013 6:01 AM
> *Subject:* [OAUTH-WG] Where / how do we report security risks?
>
> Do
Don't want hackers to try anything on oauth2-using applications...
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth