The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'OAuth 2.0 for Native Apps'
as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive
Hi William,
Thank you for making the updates. Just a few notes inline and I'll
kick off IETF last call.
On Wed, Apr 26, 2017 at 5:50 PM, William Denniss wrote:
> Thank you for your review Kathleen.
>
> Version 10 which addresses your comments is out:
> https://tools.ietf.org/html/draft-ietf-oau
+1 for separate. The real world implementations we've seen tend to not
need the URL at all. Eg end user out of band is in a web application on
the their laptop/tablet and that app has a "pair device" area, where
they just enter the necessary code - so they don't even need to see/use
a URL from
