On Thu, Jun 17, 2010 at 11:09 AM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > We added an optional authorization code which can only be used after > exchanging it for an access token with required client authentication (client > secret).
Just to make sure I understand the new flow, the authorization code is supposed to be exchanged for an access *and* a refresh token, right? I don't see the point of swapping it only for an access token. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
