RFC6749 allows scopes to be presented at the token endpoint for cases like client credentials grants.
It's not clear how this could be achieved with the current RAR spec though when a Client using Client Credentials wants to request fine grained access using authorization_details. Or should this even be possible? Matt
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
