The choice of the value "none" for the grant_type parameter in the client-credentials case is confusing. I understand the philosophy behind this choice, but I think that calling it "none" here gives the wrong impression. It almost sounds like it's a deny-request at first glance, or even a revoke request of some type. Furthermore, I'd say that there really is an access grant being made here, but it's implicit, and given to the client directly and not to an end user.
I propose we change this key to "client", "implicit", "direct", or something other than "none" to avoid this kind of confusion. Along with this, I would also like the paragraph in 4.1 describing the usage of this grant type to be pulled into its own (admittedly short) subsection. In this way, someone looking to implement this style of auth will have somewhere concrete to look, bringing this method on par with others in section 4.1.

-- Justin
