The error should be invalid_grant as it is the grant (the resource
owner's username and password) that is invalid.
On Tue, Sep 13, 2011 at 10:07 AM, Colm Divilly wrote:
> Apologies if this has been covered before, a cursory search of the archives
> and issue tracker didn't turn up anything.
>
>
Although this isn't related to changes made since -20, it should
probably still be done (unless it's something for the final RFC
editors?) and shouldn't be much of a change.
The example in section 4.5 [1] uses the "old" grant type URI for the
SAML grant type (http://oauth.net/grant_type/saml/2.0/b
Just a general note: you don't need every spec to become a working group item.
If you get an area director to sponsor your draft, you can push it through
sooner as an individual submission. Sometimes you don't even need sponsorship.
I'm not saying this out of any objection to the WG taking on th
+1
On Fri, Sep 16, 2011 at 1:06 PM, Chuck Mortimore
wrote:
> If it's not already implicit by our implementation, I'm voicing our support
> for this becoming a working group item.
>
> - cmort
>
> On Sep 16, 2011, at 12:31 PM, "Torsten Lodderstedt" <
> tors...@lodderstedt.net> wrote:
>
> Hi all,
>
Lots of minor grammar and wording catches here. I apologize if any of these
were already brought up and addressed.
1.2.3, second paragraph: "When issuing an implicit grant, the authorization
server does not authenticate the client and in some cases, the client identity
can be verified..." shoul
I also want to voice support for this. We've implemented an earlier
version of this on a few of our projects as well.
-- Justin
On Fri, 2011-09-16 at 16:06 -0400, Chuck Mortimore wrote:
> If it's not already implicit by our implementation, I'm voicing our
> support for this becoming a working gr
