Hi, What behavior is expected from the server, if in the query on access_token without "scope" (grant_type=authorization_code&client_id=s6BhdRkqt3&client_secret=gX1fBat3bV&code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fc)?
1. The server must generate access_token for an empty scope. 2. The server must generate access_token for scope, which was approved for access_code. -- Sincerely yours Anton Panasenko Skype: anton.panasenko Phone: +79179838291 Email: anton.panase...@gmail.com, apanase...@me.com
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
