#2. Asking for scope on the access token call can only reduce the already approved scope.
EHL From: [email protected] [mailto:[email protected]] On Behalf Of Anton Panasenko Sent: Friday, November 26, 2010 10:54 AM To: [email protected] Subject: [OAUTH-WG] OAuth 2.0 server behavior Hi, What behavior is expected from the server, if in the query on access_token without "scope" (grant_type=authorization_code&client_id=s6BhdRkqt3&client_secret=gX1fBat3bV&code=i1WsRn1uB1&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fc)? 1. The server must generate access_token for an empty scope. 2. The server must generate access_token for scope, which was approved for access_code. -- Sincerely yours Anton Panasenko Skype: anton.panasenko Phone: +79179838291 Email: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
