Token Response

Issue #80 resolved
Pamela Dingle created an issue

In section 5.2.2 of the read-only spec, there is a bullet that says "shall return the token response as defined in 4.1.4 of [RFC6749]". If the only point in this bullet is to require the implementer to follow the RFC 6749 spec, then you should really have a bullet like this for every section of 6749. Was there some particular thing that the spec writers wanted to ensure with this bullet?

If the goal was to ensure that non-conformant token responses are not accepted, perhaps you could say that the Authorization Server "shall only return token responses that conform to section 4.1.4 of [RFC6749]"?
