Hello Aaron,
> As much as I would love to require that all authorization requests are
> initiated via a back channel, that is unfortunately not something that is
> in scope of the current OAuth 2.1 document.
>
> The OAuth 2.0 Security BCP and this document require strict redirect URI
> matching, which should help simplify the AS, since simple string matching
> is sufficient now.
>

Not sure it is a good idea to limit the scope of OAuth 2.1 to existing functionality of OAuth 2.0 unless we are planning an OAuth 3.0 soon.

--
Francis Pouatcha
Co-Founder and Technical Lead at adorsys
https://adorsys-platform.de/solutions/