Merge pull request #7 from oemebamo/topic-rest-oauth-encryption

Topic rest oauth encryption
2 parents a306bd7 + 8385d8a commit feec945740c767f4eeb3ef2bc882f2b3298f32d7 @bramus committed May 22, 2012
Showing with 4 additions and 1 deletion.
  1. +4 −1 07.restful.apis.html
5 07.restful.apis.html
@@ -1203,7 +1203,10 @@ <h3 class="inverted">Rich Internet Applications</h3>
<li class="fragment">In the background, the consumer app must make a request to the OAuth provider with that <code>authorization_code</code>, along with its API-Key (<code>client_id</code>) and secret key (<code>client_secret</code>)</li>
<li class="fragment">The OAuth provider will issue an <code>access_token</code> and <code>refresh_token</code></li>
<li class="fragment">The <code>access_token</code> must passed with all calls made and is valid for a limited time</li>
- <li class="fragment">When the <code>access_token</code> has expired, the consumer app needs to do a call to the OAuth Prodider with the <code>refresh_token</code> to get a new pair <code>access_token</code> &amp; <code>refresh_token</code></li>
+ <li class="fragment">
+ When the <code>access_token</code> has expired, the consumer app needs to do a call to the OAuth Prodider with the <code>refresh_token</code> to get a new pair <code>access_token</code> &amp; <code>refresh_token</code><br />
+ <em>Remark: Treat <a href="http://stackoverflow.com/questions/1878830/securly-storing-openid-identifiers-and-oauth-tokens">OAuth tokens as passwords</a>! (Encrypt!)</em>
+ </li>
</ol>
</li>
</ul>
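Review bot: The new remark on the refresh-token item, "Treat OAuth tokens as passwords! (Encrypt!)", does not say what the consumer app should actually do. The consumer has to send the `refresh_token` back to the provider, so it needs the value in recoverable form. Spell out that this means encrypting stored tokens at rest with the key kept apart from the token store, and consider saying the same for the `client_secret` mentioned in the first item of this hunk. The rewritten line also carries over the typo "Prodider" from the line it replaces; fix it to "Provider" while the line is being touched. The linked reference uses plain http, which is worth switching to https if the site serves it.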
