[Openid-specs-ab] Lite Draft 9
Allen Tom
allentomdude at gmail.com
Thu Aug 25 19:55:25 UTC 2011
My understanding of FB's implementation is that their equivalent of the
id_token actually contains the access_token, rather than a hash of the
access_token or code.
Is the FB signed_request the equivalent of the id_token?
https://developers.facebook.com/docs/authentication/signed_request/
Allen
2011/8/25 John Bradley <ve7jtb at ve7jtb.com>
>
>
> Facebook is currently doing something like this with there signed request
> tokens where they are including code in the token, or a hash of the access
> token.
> Facebook's implementation is not completely based on OAuth 2 draft 10. It
> is a bit hard to figure it out from the documentation.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110825/7aa68696/attachment.html>
More information about the Openid-specs-ab
mailing list