On Thu, Apr 21, 2011 at 9:26 AM, Doug Tangren wrote:
> According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.2.2
> it doesn't look like clients of the implicit oauth2 flow should receive a
> refreshing token although it looks like the access token can optionally have
> an expire
Melinda,
My comments are inline.
With thanks,
Zachary
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Melinda Shore
Sent: Tuesday, April 19, 2011 7:29 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Use cases document review
At the oauth session a
On Tue, Apr 12, 2011 at 7:27 AM, Andrew Arnott wrote:
> I brought this concern up about a year ago. Now reviewing the latest
> drafts, I still have a concern with it. It is regarding the use of
> client_id without a password. I agree with section 3, as included below:
> Section 3. Client Authen
Is this required or not? In the example
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-3.1 it's listed in
the example but not itemized as optional or required. It's not in the
example for refreshing tokens
http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-6 though that
section li
There are three issues in the tracker that are just looking for
consensus on text that's in the document -- Eran had flagged them as
"pending consensus" in the -15 version. Let's look at closing those
issues now. The issues are
#8 4.1.2.1 and 4.2.2.1, text for 4xx or 5xx HTTP status code
ht
