Hi, the current RFC for OAuth 2.0 (http://www.rfc-editor.org/rfc/rfc6749.txt) is very unclear on *how* to return the scope in the access token response if there are multiple scopes requested/returned.
Could someone please clarify whether the scopes are supposed to be returned as 1. space separated string value (i.e. in the same syntax in which they came in), or 2. as JSON array (looks most "JSON-y"), or 3. in another format (for example github uses ',') There is a related question on stackoverflow: http://stackoverflow.com/questions/13290994/how-should-approved-scopes-be-returned-from-an-oauth2-0 Regards, -- Andreas
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
