No one is saying we shouldn’t.
What I said was that Connect will consider refactoring it’s discovery to be
based on the IETF version once there is one if it is posable.
If it is not posable for Connect to use the OAuth discovery from this WG then
that would be a fail.
I think we are in agreeme
No disagreement. I’m sure that the working group will add features to address
functionality needed for some common use cases that are not needed by OpenID
Connect. Indeed, the three authors have already done so – adding endpoints for
token revocation and token introspection. Other additions a
+1
[quote]
>
> I would like to understand these broader requirements, use cases, and
> security considerations first.
>
>
>
> Phil
>
[\quote]
OAuth is being used in a *much* broader set of use-cases and contexts than
OpenID connect.
I think its very important to have a solution that ad
