On Tue, Aug 3, 2010 at 8:56 PM, Oleg Gryb <oleg_g...@yahoo.com> wrote: > I see your point, but let me try to eliminate the call to rpc_relay.html at > all. > After all, the ultimate goal is not to receive an access token, but a resource > protected by that token.
The goal is to allow the user to delegate to thirdparty.com her authorization for the protected resources on resourceserver.com. If thirdparty.com never gets the access token, thirdparty.com can never do anything on behalf of the user. Mike _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
