[Openid-specs-ab] Lite Draft 9
allentomdude at gmail.com
Thu Aug 25 22:00:05 UTC 2011
I'm not disputing that they do this, I'm just curious what their
documentation has to say about it.
On Thu, Aug 25, 2011 at 2:51 PM, Breno de Medeiros <breno at google.com> wrote:
> On Thu, Aug 25, 2011 at 14:25, Allen Tom <allentomdude at gmail.com> wrote:
> > Are there any public docs for the version of the FB signed_request that
> > a hash of the access_token/code, rather than actually containing the
> > access_token?
> I don't think anyone disputes the fact that they include the token
> directly. However, it is my understanding that they do so only with
> tokens that need to be presented with the client secret.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab