Re: [security-dev] Resteasy 3.0-beta-2 released with OAuth2 support

'kk what's the plan for PicketLink use amber (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/...) or Bill's implementation? Or both? -- "The measure of a man is what he does with power" - Plato - @abstractj - Volenti Nihil Difficile On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote: > Hi Bruno, > I think that is the usecase for implicit grant type in OAuth2. It > is used when the client cannot save any secrets or tokens such as > Javascript applications. > > Regards, > Anil > > On 02/20/2013 05:42 AM, Bruno Oliveira wrote: >> Hi Anil, >> >> Are you thinking in something like this? >> https://developers.google.com/accounts/docs/OAuth2#clientside >> >> If yes, makes sense. >> >> >> -- >> "The measure of a man is what he does with power" - Plato >> - >> @abstractj >> - >> Volenti Nihil Difficile >> >> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote: >> >>> I am unsure if "implicit" usecase implies insecure. All it does is >>> avoids the intermediate >>> authorization code grant step. It is useful for Javascript applications >> >