Re: [OAUTH-WG] OAuth 1.0 2-legged scenario

The term 'two-legged' really means traditional client-server communication, where the OAuth 1.0 signature flow is used for authenticating the client. There are a few flavors of this, some using just the client credentials and others using an access token as well. The original idea was that if t

[OAUTH-WG] OAuth 1.0 2-legged scenario

Does this docaccurately describe what the community generally refers to as "two-legged OAuth"? If so, I have a couple questions... What about this is "*two* legged"? I count zero legs. The consumer already has a

Re: [OAUTH-WG] requirement of redirect_uri in access token requests

On Fri, Apr 29, 2011 at 11:21 AM, Doug Tangren wrote: > Is this required or not? In the example > http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3.1 it's listed > in the example but not itemized as optional or required. It's not in the > example for refreshing tokens > http://tools.iet

Re: [OAUTH-WG] implicit clients and refresh tokens

Seems like immediate mode should be added into the UX spec to me, maybe even as "display=none". Is there any interest in that? -- Justin From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On Behalf Of Marius Scurtescu [mscurte...@google.com] Sent: Fri