On Fri, May 8, 2020 at 12:42 PM Aaron Parecki <aa...@parecki.com> wrote:
> > FYI: An objective of OAuth 2.1 is not to introduce anything new -- it is
> > OAuth 2.0 with best practices.
>
> The line there is kind of fuzzy. The objective is not to introduce new
> concepts, however there are some changes defined that are "breaking
> changes" from plain OAuth 2.0, because those things being removed were not
> best practices for example.

I was clarifying that OAuth 2.1 is not introducing new features, e.g. the WebSocket support question.

I think we can say that: An OAuth 2.0 compliant deployment following "best practices" is also an OAuth 2.1 compliant deployment.

This thread is a discussion of what "best practices" is.