Hans,
Please do not mix topics. I have changed the title of that thread, for
not polluting the original one.
On Tue, Mar 29, 2022 at 9:54 PM Denis <denis.i...@free.fr> wrote:
Nothing stops Alice from giving her token that says “This is
Alice” to Bob and having Bob use it.
Such scenario does not exist in the context of long term user
accounts. However, it is important first to understand the concept
of long term user accounts.
nothing stops Alice from logging in on Bob's device, obtaining tokens
for access and then leave Bob with the device, even in long term user
accounts
Even so, Alice will be unable to use that long term user account that
has been just opened the next time an access token will be requested by
the RS,
unless she asks again to Bob to use again Bob's device. In such a case,
she has better to live very close to Bob. :-)
Denis
Hans.
--
hans.zandb...@zmartzone.eu
ZmartZone IAM - www.zmartzone.eu <http://www.zmartzone.eu>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
