There has been some press lately about clients being able to use an
implicit flow to get tokens when they really ought to only use a code
flow, since the security considerations and protections for both are
very different. With this in mind, it makes sense that a dynamically
registered client s
For grant_type you have to make up implicit as a grant_type.
They are sort of separate things and are both extendable in the case of
assertions for the token endpoint, and new response types like "code id_token"
or "token code" for response type.
Both could be used to not allow implicit but a
auth-boun...@ietf.org] On Behalf Of
Justin Richer
Sent: Wednesday, February 27, 2013 8:00 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Registration: grant_types and response_types
There has been some press lately about clients being able to use an implicit
flow to get tokens when they really ought
:* Wednesday, February 27, 2013 8:00 AM
*To:* oauth@ietf.org
*Subject:* [OAUTH-WG] Registration: grant_types and response_types
There has been some press lately about clients being able to use an
implicit flow to get tokens when they really ought to only use a code
flow, since the security considerat
Best wishes,
-- Mike
From: Justin Richer [mailto:jric...@mitre.org]
Sent: Thursday, February 28, 2013 7:42 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Registration: grant_types and response_types
The good thing about having two fields is that
