> How would use differentiate between the username and password profile and the > client credentials profile, if you are using Basic or Digest?
Removing the client_secret from both flows still leaves one flow with ‘username’ and ‘password’ POST parameters (of the user, not client), which indicates whether a token acting for the user or client is desired.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
