Thanks Brian.
I assume for a request which contains multiple "resource" parameters, if
one or more of those are invalid, this should also cause an
"invalid_resource" error?
How about the situation when the request includes a "scope" parameter,
with one or more values which don't match the "resour
Hi William,
How should the AS respond if the refresh token (existing_grant) is found
to be invalid (for any of the listed reasons)? Ignore the client intent
for incremental authZ or return an error code?
Thanks,
Vladimir
On 28/06/18 23:14, internet-dra...@ietf.org wrote:
> A New Internet-Draft
