Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
httpsig and short-lived bearer tokens as alternative to sharedSecret (#…
…98) * OAuth code as alternative to sharedSecret This would allow for some more modern security best practices like pre-registering clients and making the access token short-lived and client-bound * whitespace * typo * GNAP instead of OAuth 2.0 Authorization Code flow GNAP is more appropriate here because it makes way less assumptions about the interaction (in particular it doesn't assume the use of browser redirects) * camel case * simplify from GNAP to httpsig+bearer * clarify language * `<OCM endpoint>/token`
- Loading branch information