My primary gripe is with people claiming that OAuth doesn't solve a problem. That simply providing a single header is all that is required. That OAuth is too hard.
OAuth is a set of flows for obtaining tokens. These tokens are, by definition, bound to an application-user grant.
The rest is implementation details.
Which flow are you referring to as being susceptible to MITM attack?