N.B: I sent the following email to draft-ietf-oauth-device-f...@tools.ietf.org on 12th April but didn't receive a reply so am reposting here:
--- Hello, I've been working on an implementation of the OAuth 2.0 Device Flow (as described at https://tools.ietf.org/html/draft-ietf-oauth-device-flow-01). Please could the following points please be clarified: Section 3.2: "The client requests an access token by making an HTTP "POST" request to the token endpoint as described in Section 4.1.1 of [RFC6749]" Should this actually say Section 4.1.3 of RFC6749 which is the Access Token Request section for the authorisation code grant? Assuming the above is true, should the `code` parameter POSTed to the authorisation server be the value of the `device_code` parameter returned to the client in the initiating request? Many thanks, Alex Bilbie
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
