On Fri, May 8, 2020 at 12:42 PM Aaron Parecki <[email protected]> wrote:
> > FYI: An objective of OAuth 2.1 is not to introduce anything new -- it is
> > OAuth 2.0 with best practices.
>
> The line there is kind of fuzzy. The objective is not to introduce new
> concepts, however there are some changes defined that are "breaking
> changes" from plain OAuth 2.0, because those things being removed were not
> best practices for example.
>

I was clarifying that OAuth 2.1 is not introducing new features, for eg. the WebSocket support question.

I think we can say that:

An OAuth 2.0 compliant deployment following "best practices" is also an OAuth 2.1 compliant deployment.

This thread is a discussion of what "best practices" is.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
