[Openid-specs-ab] Lite Draft 9

Allen Tom allentomdude at gmail.com
Thu Aug 25 19:55:25 UTC 2011


My understanding of FB's implementation is that their equivalent of the
id_token actually contains the access_token, rather than a hash of the
access_token or code.

Is the FB signed_request the equivalent of the id_token?

https://developers.facebook.com/docs/authentication/signed_request/

Allen



2011/8/25 John Bradley <ve7jtb at ve7jtb.com>

>
>
> Facebook is currently doing something like this with there signed request
> tokens where they are including code in the token, or a hash of the access
> token.
> Facebook's implementation is not completely based on OAuth 2 draft 10.   It
> is a bit hard to figure it out from the documentation.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110825/7aa68696/attachment.html>


More information about the Openid-specs-ab mailing list