lize that it's open to the authorization server to issue
authorization codes how they see fit. It just strikes me as odd that
there's not a lot of guidance around when transparent redirects are
safe, when user interaction should occur, and the risks and
implications of both behaviors.
Danie
cts for
authorization code grants. There's a whole host of both security and
application logic issues that could come up from such behavior, so I'd
like to ask for clarification in best practices.
[1]: https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
Daniel Roesler
Co-founder
lks, blog posts, examples,
etc. for making good OAuth 2.0 UI/UX?
Thanks!
Daniel Roesler
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Thanks Nov and Dave!
I have several questions about CIBA. Is this mailing list the
appropriate place to ask them or is there another mailing list that is
for discussions about CIBA?
Daniel Roesler
dan...@utilityapi.com
On Tue, Jan 15, 2019 at 11:01 PM Dave Tonge wrote:
>
> Hi Daniel
>
nly
think about their energy use when they are out and about and encounter
energy products (e.g. in a hardware store), so we're trying to make it
easy for them to get an energy audit with minimal information input or
device requirements.
Thanks again,
Daniel Roesler
dan...@utilityapi.com
On
an give to the client for
authorization. Hopefully, this can shift most of the complex UI/UX
development cost away from the utility and onto the third party clients.
Unfortunately, the energy industry can be quite behind on the latest and
greatest OAuth developments, but we're trying to get bette