> On Sep 9, 2011, at 15:31, "André DeMarre"
> wrote:
>
> > Greetings Everyone,
> >
> > I hope the draft isn't too far along for these comments.
> > (draft-ietf-oauth-v2-21)
> >
> > 1. AUTHORIZATION CODE RESTRICTIONS
> >
> > The specification (particularly Section 4.1) does not say if the
> > au
I overlooked section 10.5 paragraph 3, which addresses my first point
below, but I think enforcing single use authentication codes should
also be included at the bottom of section 4.1.3 in the "authorization
server MUST" list. Proposed text for item 3: "verify that the
authorization code is valid a
Sending to the right address.
EHL
On Sep 9, 2011, at 15:31, "André DeMarre" wrote:
> Greetings Everyone,
>
> I hope the draft isn't too far along for these comments.
> (draft-ietf-oauth-v2-21)
>
> 1. AUTHORIZATION CODE RESTRICTIONS
>
> The specification (particularly Section 4.1) does not s
