Re: [OAUTH-WG] More product group review comments on the OAuth 2.0 for Browser-Based Apps spec

> 9.3. Client Impersonation > It is implied that consent granted to public client should not be recorded: >> Even when the user has previously approved an >> authorization request for a given client_id, the request SHOULD be >> processed as if no previous request had been approved, unless the >>

[OAUTH-WG] More product group review comments on the OAuth 2.0 for Browser-Based Apps spec

More comments hot off the presses from a Microsoft product architect... https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-04#section-6.2