Hi Francis, Am 08.04.20 um 23:59 schrieb Francis Pouatcha: > As a replacement of RFC 6749 I am missing a "Direct Grant" with the > same simplicity as the "Resource Owner Password Credentials" grant of > RFC 6749. > > The reason is that browser redirects are too complex and most of the > time badly implemented by small teams. For the sake of having SMEs use > oAuth 2.1 with their limited development capacities, I suggest keeping > the simple "Resource Owner Password Credentials" with an OTP replacing > the permanent password.
How does the Client get the OTP in that case? -Daniel
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
