Although token type is extensible according to the OAuth core specification - it is fully governed by the Authorization Server.
There can be a case where a single AS supports multiple token types based on client request. But currently we don't have a way the client can specify (or at least suggest) which token type it needs in the OAuth access token request ? Is this behavior intentional ? or am I missing something... Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
