Hi, I read the OAuth2 draft and I still have lots of doubts regarding security
when talking about the User-Agent Profile.
I can't really understand how steps D, E and F work. Once I get the
access_token in the fragment, what happens then?
How can I avoid from a malicious user check the source of my u
> the user-agent's same-origin policy”.
>
> Can anyone explain how client’s authentication works in the User-Agent use
> case?
>
> Zachary
>
> --
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.or