[Openid-specs-ab] Lite Draft 9
allentomdude at gmail.com
Thu Aug 25 19:55:25 UTC 2011
My understanding of FB's implementation is that their equivalent of the
id_token actually contains the access_token, rather than a hash of the
access_token or code.
Is the FB signed_request the equivalent of the id_token?
2011/8/25 John Bradley <ve7jtb at ve7jtb.com>
> Facebook is currently doing something like this with there signed request
> tokens where they are including code in the token, or a hash of the access
> Facebook's implementation is not completely based on OAuth 2 draft 10. It
> is a bit hard to figure it out from the documentation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab