"shall use the authorization code grant described in [RFC6749]" could be clearer
Issue #474
resolved
I’ve had more that one person ask me what “shall use the authorization code grant described in [RFC6749]” means - I think it would probably be good to add some reference in this clause to response_type=code to make it clearer/easier to understand.
Perhaps: “shall use response_type=code and the authorization code grant as described in [RFC6749]” ?
Comments (6)
-
-
- changed status to open
There is a separate issue on response_type=code id_token
-
-
-
assigned issue to
Dave Tonge
-
assigned issue to
-
- changed status to resolved
PR merged
-
- changed component to FAPI2: Security Profile
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- FAPI2: Security Profile
- Milestone
- –
- Votes
- 0
- Watchers
- 1
I agree. We can be more precise.
We could also state “shall use the authorization code grant (
response_type=code&grant_type=authorization_code) described in [RFC6749]".