> >> 1.3/1.4/1.5: Consider switching order to Authorization Grant, Access Token,
> >> Refresh Token
>
> >Not sure. What do others think? I put access token first because it is a
> >more important term to get out of the way.
>
> I would rather consider changing the order to Access Token, Refresh Token,
> Authorization Grant since the first two are the core OAuth concepts
> developers must become familiar with. Authorization grants are "just" a means
> to an end to get the token for certain client types. Moreover, I expect the
> number of authorization grants to increase over time.

You have to use *some* kind of authorization grant to get any kind of token, and this part of the OAuth spec is all about "how to get a token in a programmatic way". I agree that there will be many more types of auth grants in the future, and that's why I think it should be the first concept in the list. I can see the logic of putting both token types first (though I still prefer the auth grant first), but having the auth grant in between the two token types is definitely a bad idea.

 -- Justin

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth