<div dir="ltr">An example could go a long way here. The usual concern is that a mobile application has been assigned client credentials "at the factory", and every copy ("instance") downloaded at the App Store carries the exact same credentials -- that is, it's a kind of clone. (I'm writing this without having looked at the phrase in context, so I'm not sure if that's what was meant...)</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Join our <a href="http://forgerock.org/openuma/" target="_blank">ForgeRock.org OpenUMA</a> community!</p></div></div></div></div></div>
<br><div class="gmail_quote">On Sat, Nov 28, 2015 at 12:29 AM, Danny van Leeuwen <span dir="ltr"><<a href="mailto:danny@health-hats.com" target="_blank">danny@health-hats.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p style="margin:0in;line-height:21pt"><a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html#rfc.section.2.1.1" target="_blank"><span style="font-weight:bold;font-family:verdana;font-size:14pt">2.1.1.</span></a><span style="font-weight:bold;font-family:verdana;font-size:14pt;color:black"> </span><a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html#FullClient" target="_blank"><span style="font-weight:bold;font-family:verdana;font-size:14pt">Full Client with
User Delegation</span></a></p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
<<a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oauth2.html</a>>
</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt">The authorization
code flow is supported only for confidential clients. Examples of this client
type include web applications and native applications that can store
installation-instance-specific client credentials securely. Client credentials
MUST NOT be shared among <span style="background:yellow">instances</span>
[<span style="font-weight:bold">separate</span> or<span style="font-weight:bold"> discreet </span>instances?] of a given piece of client software.</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
<<a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oauth2.html</a>> </p><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div><font color="#330099">Danny van Leeuwen<br><a href="tel:617-304-4681" value="+16173044681" target="_blank">617-304-4681</a><br></font><div><b><font color="#330099"><br></font></b><div><b><font color="#330099">Blog <a href="http://www.health-hats.com/" target="_blank">www.health-hats.com</a> <i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">discovering the magic levers of best health</span></i></font></b></div></div><div><b><font color="#330099">Twitter </font></b><b><font color="#330099"><i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">@healthhats</span></i></font></b></div></div>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>