Hi,
My name is Andrei Shakirin, I am working with the OAuth2 implementation in the
Apache CXF project.
Could you please help me verify my understanding regarding the use of session
cookies in the OAuth2 flow?
The OAuth2 specification mentions session cookies in:
1) Section 3.1. Authorization Endpoint as
Message-
> From: Antonio Sanso [mailto:asa...@adobe.com]
> Sent: Freitag, 25. April 2014 09:02
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> hi Andrei,
>
> AFAIU session cookie management is beyond the
e7jtb.com]
> Sent: Freitag, 25. April 2014 14:03
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> Yes, the server can be stateless, though it may need to store client
> credentials
> and user to validate against, and re
Message-
> From: John Bradley [mailto:ve7...@ve7jtb.com]
> Sent: Freitag, 25. April 2014 18:23
> To: Andrei Shakirin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Session cookies in OAuth2 flow
>
> For cross site request forgery you need to validate the value in state