Re: [security-dev] Resteasy 3.0-beta-2 released with OAuth2 support
'kk what's the plan for PicketLink use amber
(https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/...)
or Bill's implementation?
Or both?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:
Hi Bruno,
I think that is the usecase for implicit grant type in OAuth2. It is used when the
client cannot save any secrets or tokens such as Javascript applications.
Regards,
Anil
On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
> Hi Anil,
>
> Are you thinking in something like this?
https://developers.google.com/accounts/docs/OAuth2#clientside
>
> If yes, makes sense.
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
>
>
> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:
>
> > I am unsure if "implicit" usecase implies insecure. All it does is
> > avoids the intermediate
> > authorization code grant step. It is useful for Javascript applications
> >
>
>
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org (mailto:security-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/security-dev
Attachments:
- attachment.html (text/html — 4.3 KB)