Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

John Bradley Fri, 20 Jan 2012 17:22:45 -0800

+1

Sent from my iPhone


On 2012-01-20, at 8:50 PM, Dick Hardt <dick.ha...@gmail.com> wrote:

> +!
> 
> On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
> 
>> MUST sounds reasonable 
>> 
>> 
>> 
>> Eran Hammer <e...@hueniverse.com> schrieb:
>> The current text:
>>  
>>    If the issued access token scope
>>    is different from the one requested by the client, the authorization
>>    server SHOULD include the "scope" response parameter to inform the
>>    client of the actual scope granted.
>>  
>> Stephen asked why not a MUST. I think it should be MUST. Any disagreement?
>>  
>> EHL
>>  
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

Reply via email to