Hi
I am a bit confused on whether public clients such as smart phones, etc
which work with the authorization code flow can have redirect URIs
supported or not.
My understanding so far has been that public clients won't have redirect
uris (except for them working with Implicit code flows), the code would
be entered into the device by a user or perhaps returned directly from
AS via some back channel. The reason I ask is the text at [1] says in
its Introduction:
"... This is especially true on some smartphone platform in which the
'code' is returned to a redirect URI ... "
I can imagine that in this case a smartphone has an application actually
running a web server so it can accept redirect requests,
is it when public clients can have redirect URIs and texts such as [1]
can be of help ?
Thanks. Sergey
[1] http://tools.ietf.org/html/draft-sakimura-oauth-tcse-01
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
