> I would like to rename the authorization endpoint to the user endpoint. Any
> objections?

Sounds ok. An Authorization server offers token endpoints and user endpoints.

Can we change "resource owner" to "user" where applicable? Hence, a user gets directed to a user endpoint.

Suggested new text for 3.1 "Authorization Endpoint":

"3.1 User endpoint

"A client app directs a user to a user endpoint at the authorization server to approve the client’s access. The authorization server MUST authenticate the user and obtain their approval, though the way this is achieved is beyond the scope of this specification (e.g. password, OpenID, session cookie).

"A client app can obtain a user endpoint from a WWW-Authenticate HTTP response header returned by a resource server when it indicates that OAuth is required (see section 9.1.2). Some client apps may already know a user endpoint from server documentation.

"A user endpoint advertised by a resource server may already include query parameters, which MUST be retained when the client adds other query parameters.

"A user endpoint SHOULD be an HTTPS URI (or require a secure channel with equivalent protections) as interactions with a user endpoint involve user authentication and the transmission of sensitive values."

--
James Manger
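
The query-parameter and HTTPS rules in the proposed text, as an added example that is not part of the original message or of the specification: a client-side helper that keeps the advertised parameters when adding its own, shown next to the naive concatenation that loses them. The host names, the parameter names (tenant, lang, client_id, redirect_uri) and the choice to reject a name collision are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def naive_append(advertised, client_params):
    """Broken on purpose: assumes the advertised URI has no query yet."""
    return advertised + "?" + urlencode(client_params)


def build_user_endpoint_uri(advertised, client_params, require_https=True):
    """Append client_params to an advertised user endpoint URI.

    Parameters already present are retained in order, including repeated
    names and blank values. Values are re-encoded in form encoding, so
    their spelling can change (%20 becomes +) but not their meaning.
    """
    parts = urlsplit(advertised)
    if require_https and parts.scheme.lower() != "https":
        raise ValueError("user endpoint is not an HTTPS URI: %r" % advertised)
    if not parts.netloc:
        raise ValueError("user endpoint has no host: %r" % advertised)

    existing = parse_qsl(parts.query, keep_blank_values=True)
    # Assumption of this example: a client parameter that reuses an
    # advertised name is refused, since servers differ on which copy wins.
    clash = {name for name, _ in existing} & set(client_params)
    if clash:
        raise ValueError("parameter already advertised: %s" % sorted(clash))

    merged = existing + list(client_params.items())
    return urlunsplit(parts._replace(query=urlencode(merged)))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    advertised = "https://as.example/user?tenant=acme&lang=en"
    params = {"client_id": "s6BhdRkqt3",
              "redirect_uri": "https://client.example/cb"}
    print("naive:  ", naive_append(advertised, params))
    print("correct:", build_user_endpoint_uri(advertised, params))
```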
