Hi Christian,
In my opinion, the token should be digitally signed in order to detect
modifications. HMAC-SHA256 or RSA are good candidates for that. Whether you
really need encryption depends on your privacy and security requirements.
Typical token contents are: issuer, validity/expiration, audien

Hi
We are in the process of defining a REST interface for our application, and
are looking to use OAuth 2 as the authentication mechanism. I have read
through the latest specification, and it seems like a perfect fit for our
needs. Our main dilemma is with regard to the format of the access token.
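
The signing approach suggested in the reply above, shown as an added example that is not part of the original thread: an access token carrying issuer, expiration and audience claims, protected with HMAC-SHA256 so the resource server detects any modification. The claim names (`iss`, `exp`, `aud`), the `payload.tag` layout, the key and the service names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed sample key; load from a secret store in practice

class TokenError(ValueError):
    """Raised when a token is malformed, modified, expired or for another audience."""

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key=KEY):
    # Serialize the claims once, then compute the MAC over the exact bytes sent.
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(tag)

def verify_token(token, audience, now=None, key=KEY):
    now = time.time() if now is None else now
    try:
        payload, tag = token.split(".")
        tag_bytes = b64d(tag)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    # Constant-time comparison, and the MAC is checked before the payload is parsed.
    if not hmac.compare_digest(expected, tag_bytes):
        raise TokenError("signature mismatch")
    claims = json.loads(b64d(payload))
    if claims.get("aud") != audience:
        raise TokenError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise TokenError("expired")
    return claims

if __name__ == "__main__":
    # Constructed sample claims for a hypothetical "orders-api" resource server.
    tok = issue_token({"iss": "auth.example", "aud": "orders-api", "exp": time.time() + 300})
    print(verify_token(tok, "orders-api"))
```

With HMAC the resource server needs the same key as the token issuer; an RSA signature, the other option named in the reply, lets it verify with only the public key.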