Registration - 2.1 Should mention about OAuth Bearer Authz Scheme
Issue #587
resolved
It is probably better to add some wording around the usage of the Bearer spec to protected the registration records. It is in the top-level section 2, but it is easier to read if it were stated with the request as well.
Comments (3)
-
-
-
assigned issue to
-
assigned issue to
-
- changed status to resolved
- Log in to comment
The bearer token access is intended for the associate and not for the other actions. It is intended to limit the generation of new client_id to registered parties, and is optional.
So it doesn't protect the records as such.
We can add more explanation to the request.