Jim Schaad <i...@augustcellars.com> writes:

> As promised I finally got finished with this review.
> 1.  Need to decide if /token, /introspect and /authz-info are under
> /.well-defined or not.  If they are then this needs to be noted and there
> needs to be an IANA action if this has not already been done for OAuth.

Another option would be more flexible: You could have a well-defined
(and IANA-registered) resource type that allows linking to the token-
introspect and authz-info endpoints. In the /.well-known/core of
as.example.com, you would find


or, in a resource directory, you could link to as.example.com's token
endpoint as follows:



Ace mailing list

Reply via email to