I agree. OAuth works for 3rd as well as 1st parties as well. > On 28. Aug 2020, at 05:26, Dima Postnikov <d...@postnikov.net> wrote: > > Hi, > > Can "third-party" term be removed from the specification? > > The standard and associated best practices apply to other applications that > act on behalf of a resource owner, too (internal, "first-party" and etc). > > Regards, > > Dima > > The OAuth 2.1 authorization framework enables a third-party > > application to obtain limited access to an HTTP service, either on > behalf of a resource owner by orchestrating an approval interaction > between the resource owner and the HTTP service, or by allowing the > third-party application to obtain access on its own behalf. This > specification replaces and obsoletes the OAuth 2.0 Authorization > Framework described in > RFC 6749. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth