On Wed, Jun 1, 2011 at 12:08 AM, Chuck Mortimore <cmortim...@salesforce.com> wrote: > This is one reason we’ve favored implicit for native apps.
OK, so are you using the implicit grant for both web apps and native apps...? I'm trying to figure out if you need two flows are three. - web server flow used with real secret client credentials gives out long-lived tokens - native app flow doesn't have real secret client credentials gives out long-lived tokens - implicit flow for javascript apps gives out short-lived tokens based on callback URLs (We need all three of those flows, BTW, plus at some point we'll get around to implementing a javascript flow that returns authorization codes, and a web server flow that provides short-lived credentials... but those are lower priority.) _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
