[Openid-specs-ab] Transient Client Secret Extension for OAuth

Nat Sakimura sakimura at gmail.com
Sun Jul 28 19:39:21 UTC 2013

As some of you knows, passing the code securely to a native app on iOS
platform is next to impossible. Malicious application may register the same
custom scheme as the victim application and hope to obtain the code, whose
success rate is rather high.

We have discussed about it during the OpenID Conenct Meeting at IETF 87
today, and I have captured the discussion in the form of I-D. It is pretty
short and hopefully easy to read.

You can find it at:


Comments are welcome.

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130729/c861cbd5/attachment.html>

More information about the Openid-specs-ab mailing list