On Mon, Jan 10, 2011 at 2:39 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > This explains why you want the code returned in the fragment, but not why you > need both code and token in the same response, as well as any differences in > the token attributes,
The token in the same response is a latency optimization. It is used to start rendering iframes and script with interesting content while the code is still being processed. The code is used as a short-lived token that can be swapped for a long-lived (refresh token). I would expect the attributes of the refresh token and access tokens to be equivalent. The primary difference is credential lifetime. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
