This is true. It's possible for the AS to vary it's behavior on scope name,
but it's presumed the AS and RS have an agreement of what token type is in
play. Likely a good extension to the spec.
________________________________
From: Prabath Siriwardena <prab...@wso2.com>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Sent: Sunday, January 20, 2013 7:28 PM
Subject: [OAUTH-WG] Client cannot specify the token type it needs
Although token type is extensible according to the OAuth core specification -
it is fully governed by the Authorization Server.
There can be a case where a single AS supports multiple token types based on
client request.
But currently we don't have a way the client can specify (or at least suggest)
which token type it needs in the OAuth access token request ?
Is this behavior intentional ? or am I missing something...
Thanks & Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
