+! On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
> MUST sounds reasonable > > > > Eran Hammer <e...@hueniverse.com> schrieb: > The current text: > > If the issued access token scope > is different from the one requested by the client, the authorization > server SHOULD include the "scope" response parameter to inform the > client of the actual scope granted. > > Stephen asked why not a MUST. I think it should be MUST. Any disagreement? > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth