-
assigned issue to
Basic - 3.3.1 POST optional for both client and server
Issue #76
resolved
POST is optional for both the client and the server. This is unreliable - how does a client determine if the server supports POST or not? Trial and error is not a good choice.
Comments (3)
-
-
Currently is:
The paramaters may be passed as query paramaters in a GET or as form encoded in a POST. Authorization servers MUST support the use of the HTTP "GET" method as defined in RFC 2616 [RFC2616] and MAY support the "POST" method for the check session endpoint.
Change to:
The paramaters **MAY** be passed as query paramaters in a GET or as form encoded in a POST.
-
- changed status to resolved
fixes
#76 - Log in to comment