- changed milestone to Final
- changed component to Core
-
assigned issue to
Core - 2.2.2.7 Redirect URI Fragment Handling
Issue #908
resolved
This section is just talking one way of dealing with Fragment. It is not the most desired way either. (Sending the access token in the fragment to the server is not a good idea. If it wants to do it, it should have used code flow to begin with. This example may give the reader false impression.)
In Hybrid Flow, it makes more sense that it has to send the code to the server.
Proposal: Move the example in section to 2.3.2.7. and change the example to just to send the code.
Comments (2)
-
-
- changed status to resolved
Fixed
#908- Moved Redirection URI fragment handling example to the Implementation Notes section.→ <<cset 4fc404767a89>>
- Log in to comment
We will move this to the Implementation Notes section, also saying that WebCrypto could be used or a JavaScript crypto library.