> In fact, I've already got a vendor-specific grant type that uses an > unregistered parameter on the token endpoint - it's a simple grant > type for access token introspection [2]. > > [2] > http://documentation.pingidentity.com/display/PF66/Grant+Type+Parameter > s#GrantTypeParameters-1079271
Why are you trying to overload this new functionality onto a URI used for other purposes? Why not just pick a URI specifically for your purpose, eg /as/validate? -- James Manger _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
