Hi all, I am looking at different token types in OAuth2. I am having trouble understanding the benefits of using MAC over the simple Bearer token.
It looks to me like using a MAC token can prevent replay attacks, as it uses a nonce. But if SSL is used, those attacks are no longer possible (assuming a proper SSL implementation). It mentions in the spec that two-way TLS is recommended. Doesn't that mean this MAC token is not ideal for mobile/native apps, where it's impossible to safeguard a client certificate?

Many thanks,
Jason
