Hi Aaron,

On Jul 7, 2015, at 6:23 AM, Aaron Parecki <aa...@parecki.com> wrote:

> Section 5.2 lists the possible errors the authorization server can return for an access token request. In the list is "invalid_scope", which as I understand it, can only be returned for a "password" or "client_credentials" grant, since scope is not a parameter of an "authorization_code" grant.

Why not :) ?

From https://tools.ietf.org/html/rfc6749#section-4.1.1

    scope
        OPTIONAL. The scope of the access request as described by Section 3.3 <https://tools.ietf.org/html/rfc6749#section-3.3>.

regards

antonio

> Because of this, I believe the phrase "or exceeds the scope granted by the resource owner." is unnecessary, since there is no initial grant by the resource owner.
>
> Am I reading this correctly, or is there some situation I am not thinking of?
>
> Thanks!
>
> ----
> Aaron Parecki
> aaronparecki.com <http://aaronparecki.com/>
> @aaronpk <http://twitter.com/aaronpk>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
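An added example (not part of either message, and not code from RFC 6749): where `scope` is read for each grant type named in the thread, and where `invalid_scope` is raised. All names, the client registration, and the treatment of an omitted scope as the empty set are assumptions made for illustration.

```python
# Added illustration; CLIENT_SCOPES, OAuthError, check_scope, authorize and
# token are hypothetical names, not an API of any library.
CLIENT_SCOPES = {"client-a": {"read", "write"}}  # constructed client registration


class OAuthError(Exception):
    """Carries an RFC 6749 error code such as "invalid_scope"."""

    def __init__(self, error):
        super().__init__(error)
        self.error = error


def check_scope(client_id, scope):
    """Return the requested scope set, or raise invalid_scope."""
    # Assumption: an omitted scope is treated as the empty set.
    requested = set(scope.split()) if scope else set()
    if not requested <= CLIENT_SCOPES.get(client_id, set()):
        raise OAuthError("invalid_scope")
    return requested


def authorize(client_id, scope=None):
    """Authorization request (Section 4.1.1): scope is OPTIONAL here.

    Returns a constructed stand-in for the issued authorization code.
    invalid_scope at this step is an authorization error (Section 4.1.2.1).
    """
    return {"client_id": client_id, "scope": check_scope(client_id, scope)}


def token(client_id, grant_type, scope=None, code=None):
    """Access token request; the errors raised are Section 5.2 codes."""
    if grant_type == "authorization_code":
        # No scope parameter is defined for this request (Section 4.1.3) and
        # unrecognized parameters are ignored (Section 3.2), so the scope is
        # whatever was bound to the code at authorization time.
        if code is None or code["client_id"] != client_id:
            raise OAuthError("invalid_grant")
        granted = code["scope"]
    elif grant_type in ("password", "client_credentials"):
        # Scope arrives on the token request itself (Sections 4.3.2, 4.4.2).
        granted = check_scope(client_id, scope)
    else:
        raise OAuthError("unsupported_grant_type")
    return {"token_type": "bearer", "scope": " ".join(sorted(granted))}
```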