Sending to the right place. From: Shiu Fun Poon [mailto:[email protected]] Sent: Wednesday, June 20, 2012 5:40 PM To: [email protected] Subject: [comment] The OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-28
I am not sure whether you are accepting comments for the draft or not. Here are two for your consideration. 1. 2.3.1, it started with "Client Password", and it switches gear to "client_secret" in the "alternative" section. In the description for client_secret, the wording should be changed to "REQUIRED. The client secret. This is the client password and client MAY omit the parameter if the client password is an empty string" 2. 3.1.2.2 (actually the 3.1.2 section). It may worth to call out that this only applies to the authorization code grant or implicit grant, when redirect_uri is used. Since the SHOULD part in 3.1.2.2 does not make sense for client credential, nor resource owner password grant . Regards. Shiufun
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
