+! On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
> MUST sounds reasonable > > > > Eran Hammer <[email protected]> schrieb: > The current text: > > If the issued access token scope > is different from the one requested by the client, the authorization > server SHOULD include the "scope" response parameter to inform the > client of the actual scope granted. > > Stephen asked why not a MUST. I think it should be MUST. Any disagreement? > > EHL > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
