Yes, and: protocol names should be part of the scope names, but I can
imagine so many use cases for finer-grained access. Many clients might
want read-only access to something like calendar or email data, and the
user might find it safer to grant read-only access than full access. As
always, ther
Hi Neil, I mentioned in the zulip chat that I rather like the idea of using protocol names as scopes, but that maybe you'd want them to be finer grained.On second pass, I'm wondering if it'd make sense to expose a list of supported resources & protocols for the authorization server, not just relyin
Hi George,
Thanks for the feedback.
> Section 1.1
> * is there a reason that only email address based login identifiers are
> supported? It seems like this profile could be used for other use cases as
> well.
No, this should just be username. (It is of course likely to be an email
address, bu
