Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

Igor Faynberg Fri, 20 Jan 2012 16:39:47 -0800

+1 for MUST.

In addition, I suggest slight rewarding: "the authorization server MUSTinclude the value of the scope parameter in the response" in place of

"
the authorization
   server SHOULD include the "scope" response parameter
"



I think there is one parameter, scope, right?

Igor


On 1/20/2012 6:50 PM, Dick Hardt wrote:

+!

On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:

MUST sounds reasonable



Eran Hammer <e...@hueniverse.com <mailto:e...@hueniverse.com>> schrieb:

    The current text:
       If the issued access token scope
       is different from the one requested by the client, the
    authorization
       server SHOULD include the "scope" response parameter to inform the
       client of the actual scope granted.
    Stephen asked why not a MUST. I think it should be MUST. Any
    disagreement?
    EHL

_______________________________________________
OAuth mailing list
OAuth@ietf.org <mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

Reply via email to