there are some emerging mechanisms for offline verification that don't require AS in the OAuth WG. (I'm working on one of them)
there are some emerging mechanisms for offline verification that don't require AS in the OAuth WG. (I'm working on one of them)