se point me to
where the token generation and binding is described? Also how is the client
instance is identified?
Thanks a lot in advance,
Madjid Nakhjiri
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi John,
Thank you for your reply. Would appreciate if you consider my inline
comments below and respond again!
R,
Madjid
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Wednesday, June 25, 2014 5:56 PM
To: Madjid Nakhjiri
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] refresh tokens
11:22 AM
To: Madjid Nakhjiri
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] refresh tokens and client instances
Inline
On Jun 27, 2014, at 1:24 PM, Madjid Nakhjiri wrote:
Hi John,
Thank you for your reply. Would appreciate if you consider my inline
comments below and respond again
not the client
software itself. So question is do I have any protection if the client
software itself is modified maliciously (even though the metadata is still
the same)?
Thanks in advance,
Madjid
_____
Madjid Nakhjiri | Technical Director, Secur
vide the out of band element.
Madjid
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Tuesday, July 01, 2014 3:06 PM
To: Madjid Nakhjiri
Cc: oauth@ietf.org
Subject: Re: Dynamic registration draft
With native applications the response from the Authorization server can be
intercepted by other
question is does the OAUTH token or its scope in anyway has anything
to do with HTTPS that would protect the data with the resource server?
Thanks,
Madjid
From: Justin Richer [mailto:jric...@mit.edu]
Sent: Tuesday, July 01, 2014 5:53 PM
To: Madjid Nakhjiri
Cc: John Bradley; oauth@ietf.org
difference, as far as the
> security properties of a grant are concerned, if refresh token was
> only created at a grant to access token exchange point of time ?
>
> Thanks, Sergey
>
> On 27/06/14 19:21, John Bradley wrote:
> > Inline
> >
> > On Jun 27, 2014,
