Re: [OAUTH-WG] Security of user agent clients (WAS: End user authresponse code-and-token's scope parameter)

2010-07-05 Thread William Mills
It's not verifiable, but it is as useful in this case as a "user agent" string. Not useful from the security perspective, but has some utility in application tracking. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Andrew Arno

Re: [OAUTH-WG] Authorization Response "scope" parameter

2010-07-05 Thread David Recordon
Seems like adding, "It's RECOMMENDED that this parameter be included if the access grant's scope differs from the requested scope." would be useful implementation advice in 3.1. On Fri, Jul 2, 2010 at 9:27 AM, Eran Hammer-Lahav wrote: > Scope is an optional feature of a protocol. The server is f

Re: [OAUTH-WG] Versioning

2010-07-05 Thread David Recordon
I'm also of the opinion that a protected resource can use the request parameters to differentiate between 1.0 and 2.0. On Sat, Jul 3, 2010 at 3:27 AM, Rob Richards wrote: > On that note are there any guidelines, howtos, etc.. on writing a spec? > I'd recommend focusing on just writing the text a

Re: [OAUTH-WG] draft 9, section 4.3.1 missing error code for invalid user credentials

2010-07-05 Thread Andrew Arnott
No issue. I didn't consider invalid-grant, but reading it more carefully I should have. Yes, the distinction I was looking for is there. Thanks. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre On Sun, Jul 4, 20