- changed status to open
Token Response
Issue #80
resolved
In section 5.2.2 of the read-only spec, there is a bullet that says "shall return the token response as defined in 4.1.4 of [RFC6749]". If the only point in this bullet is to require the implementer to follow the RFC 6749 spec, then you should really have a bullet like this for every section of 6749. Was there some particular thing that the spec writers wanted to ensure with this bullet?
If the goal was to ensure that non-conformant token responses are not accepted, perhaps you could say that the Authorization Server "shall only return token responses that conform to section 4.1.4 of [RFC6749]"?
Comments (7)
- changed status to resolved
Fixed in : → <<cset 9c574e2a9c20>>
- changed component to Part 1: Baseline
- changed component to FAPI 1 - Part 1: Baseline
- changed component to FAPI 1 – Part 1: Baseline
- changed component to FAPI 1 – Baseline
- changed component to FAPI 1: Baseline
WG callers on March 29 agreed on it. Pam is making the pull request.