"shall use the authorization code grant described in [RFC6749]" could be clearer
Issue #474
resolved
I’ve had more that one person ask me what “shall use the authorization code grant described in [RFC6749]” means - I think it would probably be good to add some reference in this clause to response_type=code
to make it clearer/easier to understand.
Perhaps: “shall use response_type=code
and the authorization code grant as described in [RFC6749]” ?
Comments (6)
-
-
- changed status to open
There is a separate issue on response_type=code id_token
-
-
-
assigned issue to
-
assigned issue to
-
- changed status to resolved
PR merged
-
- changed component to FAPI2: Security Profile
- Log in to comment
I agree. We can be more precise.
We could also state “shall use the authorization code grant (
response_type=code
&grant_type=authorization_code
) described in [RFC6749]".