668
edits
Changes
→Hybrid
=== Hybrid ===
With OAuth 2.0, because API calls do not require the use of the consumer's master secret, a hybrid approach is possible: the credential negotiation and token refresh are mediated by a web-based server, while the user token remain on the user's device and the API calls are made directly from there.
== Major OAuth Providers ==