Hi Justin,
the drafts looks very good.
Just some questions/comments from my side:
section 1.4
How is the client supposed to identify/distinguish authorization
servers? Based on the Client Registration Endpoint URI? Authorization
server identification is necessary in order to map client_ids t
John/Josh,
I am afraid it is still not clear to me what is the value of implicit client
dynamic registration. If you allow dynamic registration of a client, each
client, then each client can specify random redirect_uri's. This would seem to
be a major issue. The whole point behind implicit flo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Vincent,
from a pure standardization point of view that draft is long expired.
This document was initially created because the device profile was one of the
least mature parts of the OAuth 2.0 protocol. We were hoping to gain a bit more
deplo
Hi all,
I'm looking for the most suitable solution to grant the access token for
accessing our cloud service API for clients which is a windows application
with no internet browsing capability itself (though it can be installed on
a PC with access to internet). After some research, it seems the de
