I'm looking to close out this topic. I heard that Brian and Vittorio shared some points of view in the office hours, and wanted to confirm:
+ Remove implicit flow from OAuth 2.1 and continue to highlight that grant types are an extension mechanism. For example, if OpenID Connect were to be updated to refer to OAuth 2.1 rather than OAuth 2.0, OIDC could define the implicit grant type with all the appropriate considerations. ᐧ On Tue, Feb 18, 2020 at 10:49 PM Dominick Baier <dba...@leastprivilege.com> wrote: > No - please get rid of it. > > ——— > Dominick Baier > > On 18. February 2020 at 21:32:31, Dick Hardt (dick.ha...@gmail.com) wrote: > > Hey List > > (I'm using the OAuth 2.1 name as a placeholder for the doc that Aaron, > Torsten, and I are working on) > > Given the points Aaron brought up in > > https://mailarchive.ietf.org/arch/msg/oauth/hXEfLXgEqrUQVi7Qy8X_279DCNU > > > Does anyone have concerns with dropping the implicit flow from the OAuth > 2.1 document so that developers don't use it? > > /Dick > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
