On Tue, Apr 6, 2010 at 12:47 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > That’s the same as what I have in the draft, only with a single endpoint > instead of two. Since we already have a ‘mode’ parameter (which I am > renaming to ‘type’), that single endpoint can speak more than one flow.
Note that the discovery flow I outlined only works for rich clients, and is completely insecure for other types of clients. In another thread Leif mentioned similar concerns. I think they are justified. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
