Can you share an actual example of how you are authenticating *both* the resource owner and client in a single request?
EHL

> -----Original Message-----
> From: Brian Eaton [mailto:bea...@google.com]
> Sent: Wednesday, January 26, 2011 9:01 AM
> To: Eran Hammer-Lahav
> Cc: Torsten Lodderstedt; OAuth WG
> Subject: Re: [OAUTH-WG] How to integrated DIGEST or SPNEGO with tokensendpoint?
>
> On Tue, Jan 25, 2011 at 10:58 PM, Eran Hammer-Lahav
> <e...@hueniverse.com> wrote:
> >> What's the difference from a conceptual point of view? In my opinion,
> >> the resource owner's password is used for both, authenticating the
> >> resource owner and authorizing the token issuance.
> >
> > The resource owner is not present and therefore not being authenticated.
>
> OK, so it turns out that in this use case the resource owner is present, and
> is being authenticated. They happen to be using a client other than a web
> browser.