Currently there are two different ways a client can send credentials, as specified in section 3.1, and: "The authorization server MUST accept the client credentials using both the request parameter, and the HTTP Basic authentication scheme."
I know there was a long thread on this subject, but I cannot recall the reasoning. Can someone summarize it? How many of the existing OAuth 2 server implementations out there currently support both methods? Thanks, Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
