This looks along the same lines as the solution my colleague here has proposed
but I was unsure of the security implications and unaware of any existing
implementations.
I agree that a standardised profile for this would be helpful.
Thanks,
Phil
On 5 Feb 2014, at 21:49, John Bradley wrote:
> Y
Thanks all - some interesting points raised.
I've used the Authorisation Code grant for a couple of other use cases on other
projects. The Implicit Grant is less desirable but it fits here for me because
of the particular constraints of the client and its hosting environment. The
level of sec
Hi Manfred,
On 5 Feb 2014, at 11:30, Manfred Steyer wrote:
> Hi Phil,
>
> the server won't see the access-code, cause it is returned within the hash
> that stays at the client-site:
> http://.../returnUri#access_code=ABCDE.
>
That's excellent. I hadn't picked that up in the text. I t
Hi all,
I'm looking to apply OAuth for a particular use case with a Javascript client
and would like to get some guidance with this. Bear with me as I'm new to this
list.
I have a Javascript client which needs to be deployed on a number of different
sites for which we don't have control over