On 21/04/2015 01:49, Nicholas Alexander wrote: > For those reading along at home, production Fennec uses the "Fennec Dev" > token at > https://github.com/mozilla/fxa-dev/blob/master/roles/oauth/templates/config.json.j2#L199. > > I see now that this, and a few other tokens, has "hashed secret" all > zeroes. Is that an issue?
I believe this is for "implicit grant only" clients like the ones baked into firefox clients. Since they get tokens by directly submitting an assertion rather than through a redirect dance, they don't need a client secret. So we disable it in the db. Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
