Hey List (Once again using the OAuth 2.1 name as a placeholder for the doc that Aaron, Torsten, and I are working on)
In the security topics doc https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14#section-2.4 The password grant MUST not be used. Some background for those interested. I added this grant into OAuth 2.0 to allow applications that had been provided password to migrate. Even with the caveats in OAuth 2.0, implementors decide they want to prompt the user to enter their credentials, the anti-pattern OAuth was created to eliminate. Does anyone have concerns with dropping the password grant from the OAuth 2.1 document so that developers don't use it? /Dick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth