<div>
'kk what's the plan for PicketLink use amber (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/org/picketlink/oauth/amber) or Bill's implementation?
</div>
<div><div><br></div><div>Or both?</div><div><br></div><div><div>-- </div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div></div></div>
<p style="color: #A0A0A8;">On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div>Hi Bruno,<br>
I think that is the usecase for implicit grant type in OAuth2.
It is used when the client cannot save any secrets or tokens such
as Javascript applications. <br>
<br>
Regards,<br>
Anil<br>
<br>
On 02/20/2013 05:42 AM, Bruno Oliveira wrote:<br>
</div><blockquote type="cite"><div>
<div> Hi Anil,</div>
<div><br>
</div>
<div>Are you thinking in something like
this? <a href="https://developers.google.com/accounts/docs/OAuth2#clientside">https://developers.google.com/accounts/docs/OAuth2#clientside</a></div>
<div><br>
</div>
<div>If yes, makes sense.</div>
<div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>-- </div>
<div>"The measure of a man is what he does with power" - Plato</div>
<div>-</div>
<div>@abstractj</div>
<div>-</div>
<div>Volenti Nihil Difficile</div>
</div>
</div>
<p style="color: #A0A0A8;">On Tuesday, February 19, 2013 at 11:05
PM, Anil Saldhana wrote:</p><blockquote type="cite"><div>
<span>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 13px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: 2; text-align: -webkit-auto; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); ">I am unsure if "implicit" usecase implies
insecure. All it does is</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 13px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: 2; text-align: -webkit-auto; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); ">avoids the intermediate</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 13px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: 2; text-align: -webkit-auto; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; background-color: rgb(255,
255, 255); ">authorization code grant step. It is useful for
Javascript applications</div>
</span> </div></blockquote><br>
</div></blockquote>
</div><div><div>_______________________________________________</div><div>security-dev mailing list</div><div><a href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a></div><div><a href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a></div></div></div></span>
</blockquote>
<div>
<br>
</div>