Encryption password
shawm11 opened this issue · comments
shawm11 commented
Who is supposed to create and store the encryption password? Is it generated by the server (service provider) or the app (client)? Or is it the user's (resource owner's) password?
shawm11 commented
It seems that the encryption password is supposed to be generated and stored by the server (service provider) and kept secret. The encryption password is not shared with the app (client) or the user (resource owner).