Thanks for your useful feedback, Alexey. Below, I'll respond to each of your
comments. I've also added the OAuth working group to the thread, so they are
aware of them as well and can participate in the discussion.
About your first issue with the WWW-Authenticate ABNF, I am already working
wi
There are a couple of cases where you could have a much simpler API than HTTP,
implicit is one of those. All in all though it's easier to leave everything
under the same rules, instead of having to define a new protocol for thing like
implicit.
I think that answers your question?
-bill
___
I would be unhappy if things were sugarcoated any further. This is
definitely a rare specification where OPTIONAL parameters in the API can be
REQUIRED by a conforming implmentation (as I discussed in my note on the
scope parameter for which the proposed modification does not really change
much)
Hi,
My question is, why web hosted resource is needed to extract the access
token?
Thanks for your time.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
