I agree. OAuth works for 3rd as well as 1st parties as well. 

> On 28. Aug 2020, at 05:26, Dima Postnikov <d...@postnikov.net> wrote:
> 
> Hi,
> 
> Can "third-party" term be removed from the specification?
> 
> The standard and associated best practices apply to other applications that 
> act on behalf of a resource owner, too (internal, "first-party" and etc).
> 
> Regards,
> 
> Dima
> 
> The OAuth 2.1 authorization framework enables a third-party
> 
>    application to obtain limited access to an HTTP service, either on
>    behalf of a resource owner by orchestrating an approval interaction
>    between the resource owner and the HTTP service, or by allowing the
>    third-party application to obtain access on its own behalf.  This
>    specification replaces and obsoletes the OAuth 2.0 Authorization
>    Framework described in 
> RFC 6749.
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to