-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2011-06-28 18:05, Brian Campbell wrote:
invalid_grant seems like the appropriate error as the username and
password are the grant in the context of the Resource Owner Password
Credentials flow/grant type.
What should the HTTP status code be?
This is a much clearer draft, thanks. I'm looking at support for this at
the moment and are wondering is there much implementer experience to
date with bearer tokens, and/or how stable the wg think the draft is at
this point?
Bill
On 23/06/11 01:53, Mike Jones wrote:
I’ve published draft 06
Maybe this is already a known issue but it just occurred to me that
this draft probably needs to have an IANA Considerations section that
registers the parameters that it defines per registry defined in the
core OAuth spec [1] - assertion, client_assertion_type,
client_assertion.
[1]