Message-
> From: John Bradley [mailto:ve7...@ve7jtb.com]
> Sent: Friday, 25 April 2014 18:23
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> For cross site request forgery you need to validate the value in state
case? Can they provide additional
> protection in case the redirect URI is manipulated?
>
> Regards,
> Andrei.
>
>
>> -Original Message-
>> From: John Bradley [mailto:ve7...@ve7jtb.com]
>> Sent: Friday, 25 April 2014 14:03
>> To: Andrei Shakirin
>
e7jtb.com]
> Sent: Friday, 25 April 2014 14:03
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> Yes the server can be stateless, though it may need to store client
> credentials
> and user to validate against, and re
> To: Andrei Shakirin
>> Cc: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>>
>> hi Andrei,
>>
>> AFAIU session cookie management is beyond the scope of the OAuth2
>> specification.
>>
>> regards
>>
>
Message-
> From: Antonio Sanso [mailto:asa...@adobe.com]
> Sent: Friday, 25 April 2014 09:02
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> hi Andrei,
>
> AFAIU session cookie management is beyond the
hi Andrei,
AFAIU session cookie management is beyond the scope of the OAuth2 specification.
regards
antonio
On Apr 24, 2014, at 6:39 PM, Andrei Shakirin wrote:
> Hi,
>
> My name is Andrei Shakirin, I am working with the OAuth2 implementation in the Apache
> CXF project.
> Could you please help me t