Hi. I'm new here. I searched the archives a bit and didn't immediately find
an answer to my question below. My apologies if there was some previous
discussion of this that I missed.
Looking at the draft spec at http://tools.ietf.org/html/draft-ietf-oauth-v2-10,
I see in section 4.1.1 "Author
So, maybe you and Thomas can generalize that use case to rely on either
mechanism?
Igor
Zeltsan, Zachary (Zachary) wrote:
Igor,
The intention of the draft draft-vrancken-oauth-redelegation was to specify a
mechanism for doing exactly what Thomas has described:
... User#1/Client#1 asks for
I've looked over this draft, and I don't think a lot of it is necessary
under OAuth2.0. The protected resource no longer has any kind of
client_id associated with it, so a client can take an access token and
hand it off to any other client to use without any other information
needed. To support thi
