Thanks for your useful review, Eric. Proposed resolutions to all comments are
inline prefixed by "Mike>".
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Eric Rescorla
Sent: Sunday, September 3, 2017 3:26 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] AD Review: draft-ietf-oauth-discovery-06
Hi all,
I was wondering if anyone considered using OAuth for password resets. Or maybe
this is common practice, I don’t know.
My line of thinking is that a password is "just-another-resource" that is
stored at a resource server.
So the resource server requires an access token for anyone/any cli
