It is my understanding that the access token response may contain parameters other than what is stated there. Sometimes, a mutually understanding server and client may want to exchange other parameters on top of it, and that is legitimate, IMHO.
Is this understanding correct?

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
