[Openid-specs-ab] Lite Draft 9

Allen Tom allentomdude at gmail.com
Thu Aug 25 22:00:05 UTC 2011

I'm not disputing that they do this, I'm just curious what their
documentation has to say about it.


On Thu, Aug 25, 2011 at 2:51 PM, Breno de Medeiros <breno at google.com> wrote:

> On Thu, Aug 25, 2011 at 14:25, Allen Tom <allentomdude at gmail.com> wrote:
> > Are there any public docs for the version of the FB signed_request that
> uses
> > a hash of the access_token/code, rather than actually containing the
> entire
> > access_token?
> I don't think anyone disputes the fact that they include the token
> directly. However, it is my understanding that they do so only with
> tokens that need to be presented with the client secret.
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110825/14539e19/attachment.html>

More information about the Openid-specs-ab mailing list