On 20 Jan. 2012 at 21:32, Eran Hammer wrote:

> New text added to Access Token Scope section:
>
> If the client omits the scope parameter when requesting authorization, the authorization
> server MUST process the request using a pre-defined default value, or fail the request
> indicating an invalid scope.

Will this change imply that implementing a more dynamic approach to issuing scopes, such as, for example, asking the user which scope should be issued to the consumer, will be explicitly disallowed, while it was accepted before this text was added? I think this section of the text does not solve the initial problem that started this thread, and I think it adds unnecessary restrictions.

> The authorization server SHOULD document its scope requirements and default value (if defined).

This makes more sense to me.

Andreas
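
The rule in the quoted draft text (use a pre-defined default when `scope` is omitted, or fail with an invalid-scope error), sketched as an added example that is not part of the original message or of any particular authorization server. The function names, the treatment of an empty `scope` value as omitted, and the use of the OAuth 2.0 `invalid_scope` error code in a redirect are assumptions of this sketch.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class InvalidScope(Exception):
    """Raised when the request must fail with the "invalid_scope" error."""


def resolve_scope(params, supported, default=None):
    """Return the set of scope tokens to process for an authorization request.

    params    -- decoded query parameters of the authorization request
    supported -- scope tokens the server knows (hypothetical values in tests)
    default   -- pre-defined default scope string, or None if none is defined
    """
    raw = params.get("scope")
    if raw is None or not raw.strip():
        # Scope omitted (assumption: an empty value counts as omitted).
        # The server either falls back to its default or fails the request.
        if default is None:
            raise InvalidScope("scope is required; no default is defined")
        raw = default
    requested = set(raw.split())  # scope is a space-delimited list of tokens
    unknown = requested - set(supported)
    if unknown:
        raise InvalidScope("unsupported scope: " + " ".join(sorted(unknown)))
    return requested


def error_redirect(redirect_uri, err, state=None):
    """Build the redirect that reports the failure back to the client."""
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("error", "invalid_scope"), ("error_description", str(err))]
    if state is not None:
        query.append(("state", state))  # echo the client's state unchanged
    return urlunsplit(parts._replace(query=urlencode(query)))
```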
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth