Because bearer tokens have a stable RFC-numbered spec and are widely implemented and the registration flow as documented seems like it should work? -T
That’s the answer for why there is support for bearer tokens but it is not the answer to why that’s the only supported mechanism. If we want to support stronger security mechanisms (which the group has decided to work on already) then we need to have a story on how to support the other mechanisms as well .
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
