I was reviewing https://tools.ietf.org/html/draft-ietf-oauth-discovery-07 and noticed that in https://tools.ietf.org/html/draft-ietf-oauth-discovery-07#section-2 that authorization_endpoint is REQUIRED.
I am working on deployments that are two-legged OAuth where there is no authorization_endpoint, but having a discovery document would be super useful. Additionally, in https://tools.ietf.org/html/draft-hardt-oauth-distributed-00, discovery would be useful, but there may not be an authorization_endpoint may not be needed in the authorization server as it is a two legged OAuth flow (ie, there is no user granting permission, the client is requesting an access token to use at resources) Is there a reason why authorization_endpoint is REQUIRED? /Dick
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
