Drop the 'scope' parameter as well and we're on the same page.

EHL

> -----Original Message-----
> From: Brian Eaton [mailto:bea...@google.com]
> Sent: Thursday, April 22, 2010 12:36 PM
> To: Eran Hammer-Lahav
> Cc: John Kemp; OAuth WG
> Subject: Re: [OAUTH-WG] 'Scope' parameter proposal
> 
> On Thu, Apr 22, 2010 at 12:07 PM, Eran Hammer-Lahav
> <e...@hueniverse.com> wrote:
> > If we are not going to enable a client to access a protected resource
> > hosted by an unfamiliar server, we need to stop pretending this
> > (alone) is about interop. In other words, if we take this approach we
> > are mandating paperwork to make the protocol work, at least based on
> > this single specification. We can also drop advertising the authorization
> > and token endpoints in a 401 or really *any* parameter in a
> > WWW-Authenticate response.
> 
> I think dropping the advertisements is the right thing to do.
> 
> I'm hopeful that either PoCo or the IMAP SASL/OAuth work ends up showing
> how automatic interop is possible.
> 
> But I'd hate to have OAuth2 recommend something that doesn't actually
> work.
> 
> Cheers,
> Brian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
