Hi
2.1. Client Password Credentials First example: POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&client_id=s6BhdRkqt3&code=i1WsRn1uB1& redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb Why does this contain the client identifier twice? Once in the body (in urlencoded form), once in the Authorization header. What's the appropriate behavior when these don't match? thanks lvh
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
