On Thu, Jan 20, 2011 at 9:41 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > Forgot to mention that I don't have any outstanding comments in my queue so > if your feedback was not incorporated into -12, and you feel strongly about > it, bring it up again.
>From an older email, adapted to v12: 1. The token_type parameter is required in responses from the server. If the server supports multiple formats, which one will be used? In this case, would it make sense to allow the client to request a specific format? For example, if the authorization server supports both MAC and BEARER, which one will the server issue? 2. Section 8.2. What about applications using legacy parameters? Does not make much sense to register them, and they cannot be changed to x_. Broken record: using a prefix for all registered parameters is much cleaner (as opposed to requiring that all no-registered parameters use a prefix). For Google it is impossible to comply with this requirement. Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
