the existing authorization server endpoints (end-user authorization and
tokens endpoint) have relatively clear semantics and scope. Adding
distinct new functions to an authorization server will (in my opinion)
require the definition of new endpoints. For example, I'm working on an
I-D for token revocation. Such a function does not fit into the tokens
endpoint since it has become a "token issuance endpoint" rather than a
general purpose client2server endpoint.
I therefore would propose to include the option to define and register
new endpoints into the Extensibility section of the spec. This would
also facilitate the incorporation of additional endpoints (with
well-defined names) into OAuth discovery.
Any thoughts?
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth