Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

John Bradley Fri, 20 Jan 2012 17:22:45 -0800

+1

Sent from my iPhone


On 2012-01-20, at 8:50 PM, Dick Hardt <[email protected]> wrote:

> +!
> 
> On Jan 20, 2012, at 4:20 PM, Torsten Lodderstedt wrote:
> 
>> MUST sounds reasonable 
>> 
>> 
>> 
>> Eran Hammer <[email protected]> schrieb:
>> The current text:
>>  
>>    If the issued access token scope
>>    is different from the one requested by the client, the authorization
>>    server SHOULD include the "scope" response parameter to inform the
>>    client of the actual scope granted.
>>  
>> Stephen asked why not a MUST. I think it should be MUST. Any disagreement?
>>  
>> EHL
>>  
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] SHOULD vs MUST for indicating scope on response when different from client request

Reply via email to