Hi William,

How should the AS respond if the refresh token (existing_grant) is found to be invalid (for any of the listed reasons)? Ignore the client intent for incremental authZ or return an error code?

Thanks,
Vladimir

On 28/06/18 23:14, internet-dra...@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
> Title : OAuth 2.0 Incremental Authorization
> Author : William Denniss
> Filename : draft-ietf-oauth-incremental-authz-00.txt
> Pages : 8
> Date : 2018-06-28
>
> Abstract:
> OAuth 2.0 authorization requests that include every scope the client
> might ever need can result in over-scoped authorization and a sub-
> optimal end-user consent experience. This specification enhances the
> OAuth 2.0 authorization protocol by adding incremental authorization,
> the ability to request specific authorization scopes as needed, when
> they're needed, removing the requirement to request every possible
> scope that might be needed upfront.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-incremental-authz/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-00
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-incremental-authz-00
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth