Hi, What behavior is expected from the server, if in the query on access_token without "scope" (grant_type=authorization_code&client_id=s6BhdRkqt3&client_secret=gX1fBat3bV&code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fc)?
1. The server must generate access_token for an empty scope. 2. The server must generate access_token for scope, which was approved for access_code. -- Sincerely yours Anton Panasenko Skype: anton.panasenko Phone: +79179838291 Email: [email protected], [email protected]
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
