[OAUTH-WG] Assertion profile + client_secret and client_id security

2010-07-15 Thread Elena Lozano
Hi everyone, As we adapt the RedIRIS PHP OAuth2 library[1] to the last version of the draft we have found some issues regarding the client secret and client id. The thing is that we don't understand the security given with the client_id and client_secret of the assertion profile. The last chan

Re: [OAUTH-WG] Assertion profile + client_secret and client_id security

2010-07-15 Thread Torsten Lodderstedt
Why don't you use the client secret to authenticate the application? The spec allows you to use a BASIC authorization header for that purpose. Regards, Torsten. On 15.07.2010 at 12:54, Elena Lozano wrote: > Hi everyone, > > As we adapt the RedIRIS PHP OAuth2 library[1] to the last version o

Re: [OAUTH-WG] Assertion profile + client_secret and client_id security

2010-07-15 Thread Eran Hammer-Lahav
You need to verify that when you use an authorization code, not when you use an assertion. EHL On 7/15/10 3:54 AM, "Elena Lozano" wrote: Hi everyone, As we adapt the RedIRIS PHP OAuth2 library[1] to the last version of the draft we have found some issues regarding the client secret and clie

Re: [OAUTH-WG] Assertion profile + client_secret and client_id security

2010-07-16 Thread Elena Lozano
On Jul 15, 2010, at 1:10 PM, Torsten Lodderstedt wrote: > Why don't you use the client secret to authenticate the application? The spec > allows you to use a BASIC authorization header for that purpose. We hadn't thought of that, but it suits our use case perfectly! Thanks! > > Regards, > Torst