Thanks for the quick response Mike. Good to know I understand specs once in awhile.
/Dick On Tue, Nov 14, 2017 at 5:14 PM, Mike Jones <michael.jo...@microsoft.com> wrote: > Good catch. The authorization_endpoint should only be required if flows > are supported that need it. Our old favorite, the Resource Owner Password > Credentials flow doesn’t use it, correct? Likewise, the Client Credentials > flow doesn’t. I’ll plan to make appropriate updates in -08. > > > > -- Mike > > > > *From:* Dick Hardt [mailto:dick.ha...@gmail.com] > *Sent:* Tuesday, November 14, 2017 5:02 PM > *To:* oauth@ietf.org; Mike Jones <michael.jo...@microsoft.com> > *Subject:* Question on REQUIRED metadata in https://tools.ietf.org/html/ > draft-ietf-oauth-discovery-07 > > > > I was reviewing https://tools.ietf.org/html/draft-ietf-oauth-discovery-07 > and noticed that in https://tools.ietf.org/html/draft-ietf-oauth- > discovery-07#section-2 that authorization_endpoint is REQUIRED. > > > > I am working on deployments that are two-legged OAuth where there is > no authorization_endpoint, but having a discovery document would be super > useful. > > > > Additionally, in https://tools.ietf.org/html/draft-hardt-oauth- > distributed-00, discovery would be useful, but there may not be > an authorization_endpoint may not be needed in the authorization server as > it is a two legged OAuth flow (ie, there is no user granting permission, > the client is requesting an access token to use at resources) > > > > Is there a reason why authorization_endpoint is REQUIRED? > > > > /Dick > > > -- Subscribe to the HARDTWARE <http://hardtware.com/> mail list to learn about projects I am working on!
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
