[Openid-specs-ab] Lite Draft 9
allentomdude at gmail.com
Mon Aug 22 20:00:09 UTC 2011
Hi Breno -
I don't have much first hand experience with FB's signed_request, but my
understanding is allows FB to return a signed response to an app, so that
the app knows that it came from FB.
The docs don't say that there are two Access Tokens, instead the Access
Token is a signed parameter contained within the signed_request.
My concern regarding the id_token and the CheckSession API is that it could
be confusing to tell developers that the id_token is an Access Token, but
only for the CheckSession API. All other endpoints use the regular Access
On Mon, Aug 22, 2011 at 12:31 PM, Breno de Medeiros <breno at google.com>wrote:
> On Mon, Aug 22, 2011 at 12:05, Allen Tom <allentomdude at gmail.com> wrote:
> > I think it might be confusing to developers to have multiple access
> > I don't think I've seen any other Connect/OAuth type implementations that
> > return multiple access tokens. Are there any examples out there?
> Yes. Facebook Connect uses signed_request as the id_token.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab