Just noticed an extra "and" in Draft 26 Sec 4.1.3 redirect_uri REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.
Eliminating the and would be better. It would also be clearer if broken up into separate statements. redirect_uri REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1. The value MUST be identical to the value of the "redirect_uri" parameter that was included in the authorization request. I had someone ask for clarification on what that was trying to say, so thought I would mention it. John B.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth