You are asking about 10.13 I think. The important idea is to give the user a browser that gives them a browser bar so they can tell if the SSL and domain are correct.
Some native applications (JS) may be able to invoke a frameless iframe browse window. It would be deter to be clear and translate as Full Frame external Browser window. No iframe only applies to some environments. At least that is how I read the section. John B. On 2011-11-11, at 3:23 AM, matake@gmail wrote: > Hi all, > > I'm now translating OAuth 2.0 Core & Bearer specs into Japanese with my > friends. > I have one question on section 10.3 in Core spec. > > "To prevent this form of attack, native applications SHOULD use external > browsers instead of embedding browsers in an iframe when requesting end-user > authorization." > > Here, what do you mean for "in an iframe"? > I thought it means "embedded browser is in an iframe", but I can't imagine it > can be.. > > Thanks in advance > > -- > nov matake > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
