Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-06-09 Thread denadai2
t:* Wednesday, June 08, 2011 1:27 PM > *To:* Eran Hammer-Lahav > *Cc:* oauth@ietf.org > > *Subject:* Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't > undestand > > > > Perfect, thank you. I made a sequence diagram for Authorization code. I >

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-06-08 Thread Eran Hammer-Lahav
The last part, refresh token, is with the authorization server, not resource server. EHL From: denadai2 [mailto:denad...@gmail.com] Sent: Wednesday, June 08, 2011 1:27 PM To: Eran Hammer-Lahav Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand Pe

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-06-08 Thread denadai2
> > > From: denadai2 > Date: Sun, 22 May 2011 08:27:41 -0700 > To: Eran Hammer-lahav > Cc: "oauth@ietf.org" > Subject: Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand > > Ok thank you. I will be more specific: > > 1- Client ->

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-05-22 Thread Eran Hammer-Lahav
From: denadai2 <denad...@gmail.com> Date: Sun, 22 May 2011 08:27:41 -0700 To: Eran Hammer-lahav <e...@hueniverse.com> Cc: "oauth@ietf.org" <oauth@ietf.org> Subject: Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6.

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-05-22 Thread denadai2
Ok thank you. I will be more specific: 1- Client -> Authorization server. (via TLS) I build the authorization request with response_type = "code", client_id, redirect_uri. 2- Authorization server -> Client. (without TLS) I grant access with an authorization code generated (for example) wi

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't undestand

2011-05-21 Thread Eran Hammer-Lahav
You need to be more specific about what is confusing you. V2-16 7.1 is just an example. For using MAC you need to refer to the MAC spec. How you generate your access token string is an internal detail but your use of the authorization code in the algorithm is odd, IMO. The MAC is calculated bas