Jim Schaad <i...@augustcellars.com> writes:
> As promised I finally got finished with this review.
> 1. Need to decide if /token, /introspect and /authz-info are under
> /.well-defined or not. If they are then this needs to be noted and there
> needs to be an IANA action if this has not already been done for OAuth.
Another option would be more flexible: You could have a well-defined
(and IANA-registered) resource type that allows linking to the token-
introspect and authz-info endpoints. In the /.well-known/core of
as.example.com, you would find
or, in a resource directory, you could link to as.example.com's token
endpoint as follows:
Ace mailing list