+1 to Justin
Could this be handled in the extension spec potentially? Eg calling out
that OAuth has that requirement, but documenting an extension-specific case
that modifies it?
William
*From: *Justin Richer
*Date: *Mon, May 13, 2019 at 11:06 AM
*To: *RFC Errata System
*Cc: *oauth@ietf.org
I
I see the intent of the change but I don’t think this is actually at the level
of an erratum. This seems to be a normative change on a key extension point.
Additionally, with the singleton nature imposed by the current text, there’s a
1:1 mapping between the request parameters and a JSON object,
Indeed but at the same time, it may be needed for the AS to keep it
anyways for compliance purposes.
I have not gone through the thread yet, but here is my brief response
to Torsten's post.
https://nat.sakimura.org/2019/05/12/comments-back-to-transaction-authorization-or-why-we-need-to-re-think-o
