Re: [OAUTH-WG] requirement of redirect_uri in access token requests

2011-05-02 Thread Brian Eaton
On Mon, May 2, 2011 at 11:33 AM, Freeman, Tim wrote:
> The issues around redirect_uri seem muddled to me.
>
Yeah. =/ It's unfortunate. I think the problem is that implementers disagree on what type of redirect uri validation to do, so the spec has papered over the inconsistencies with muddled

Re: [OAUTH-WG] requirement of redirect_uri in access token requests

2011-05-02 Thread Freeman, Tim
The issues around redirect_uri seem muddled to me. Here's what I know right now:
Brian Eaton apparently said:
>This provides a defense against authorization codes which have leaked due to
>open redirectors.
I looked for "redirector" in http://tools.ietf.org/html//draft-lodderstedt-oauth-se

Re: [OAUTH-WG] OAuth 1.0 2-legged scenario

2011-05-02 Thread Brian Eaton
Hey Andrew - Two-legged OAuth is a very confusing term. I've tried to stop using it, because it means so many different things to different people. I'm not 100% sure what your use case is... The current OAuth2 draft handles traditional client-server authentication with the client credentials fl

[OAUTH-WG] FW: I-D Action:draft-oauth-dyn-reg-v1-02.txt

2011-05-02 Thread Thomas Hardjono
FYI Folks, This is an update of the Dynamic Client Registration Protocol draft. The previous version (draft-01) expired in Feb. Thanks. /thomas/
-----Original Message-----
From: i-d-announce-boun...@ietf.org [mailto:i-d-announce-boun...@ietf.org] On Behalf Of