On Mon, Apr 4, 2011 at 10:47 AM, Kris Selden <kris.sel...@gmail.com> wrote: > A typical iPhone app cannot be shipped with a client secret and rightly or > wrongly users expect to only have to enter their credentials once. > > What is the best profile to use for an app that can't have a client secret > and needs a refresh token or a long lived access token?
The authorization code grant, aka web server flow. The spec is misleading in this respect IMO. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
