What is the assertion format? Binary? XML? Should the library encode it? Is the application using the library responsible for providing it with a URI-safe string?
EHL On 4/1/10 9:45 PM, "Marius Scurtescu" <mscurte...@google.com> wrote: On Thu, Apr 1, 2010 at 9:02 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > But providing a half baked flow that is short enough to just replicate where > needed and cannot be fully implemented by generic libraries doesn't really > offer much. I think this is similar to the scope parameter argument, that libraries cannot really use an opaque scope. OAuth libraries will neither generate nor consume the assertions, the assertion itself can be opaque. The client application needs to obtain an assertion somehow, this is out of scope, then pass it to a library and the library can use it as is, pass it to the Authorization Server and deal with the response. Works perfectly fine IMO. Marius
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
