The current text:
If the issued access token scope
is different from the one requested by the client, the authorization
server SHOULD include the scope response parameter to inform the
client of the actual scope granted.
Stephen asked why not a MUST. I think it should be MUST. Any
MUST sounds reasonable
Eran Hammer e...@hueniverse.com schrieb:
The current text:
If the issued access token scope
is different from the one requested by the client, the authorization
server SHOULD include the scope response parameter to inform the
client of the actual
+!
On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
MUST sounds reasonable
Eran Hammer e...@hueniverse.com schrieb:
The current text:
If the issued access token scope
is different from the one requested by the client, the authorization
server SHOULD include the
+1 for MUST.
In addition, I suggest slight rewarding: the authorization server MUST
include the value of the scope parameter in the response in place of
the authorization
server SHOULD include the scope response parameter
I think there is one parameter, scope, right?
Igor
On
+1
Sent from my iPhone
On 2012-01-20, at 8:50 PM, Dick Hardt dick.ha...@gmail.com wrote:
+!
On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
MUST sounds reasonable
Eran Hammer e...@hueniverse.com schrieb:
The current text:
If the issued access token scope
is