Nat/Naveen,
I must confess I keep going back and forth on this issue.
Clearly this draft is a fix for the issue of:
1. Real app initiates authorize request
2. 'bad' app intercepts grant because it has taken over the access token.
But while I agree this is a problem, what's to stop the 'bad' ap
On Oct 23, 2013, at 5:27 PM, Thomas Broyer
mailto:t.bro...@gmail.com>>
wrote:
On Wed, Oct 23, 2013 at 9:22 PM, Richer, Justin P.
mailto:jric...@mitre.org>> wrote:
Hi Thomas,
You're right in that the introspection process is about getting meta data about
a particular token by making an authent
