Implicit 2.2.3 and 2.2.4 - Tony Nadalin's comments on End-User Authentication and Consent
Issue #741
resolved
In his review comments, Tony wrote that it was odd to have sections on End-User Authentication and Consent since in an implicit flow the end-user is not authenticated.
We should discuss this potential inconsistency with OAuth.
Comments (2)
-
-
reporter - changed status to resolved
I believe your comment has explained the confusion, John.
- Log in to comment
In implicit the user is authenticated by the as. It is the client that is not authenticated by the as, only identified via the redirect uri.
What is Tonys issue?