Hi, Can "third-party" term be removed from the specification?
The standard and associated best practices apply to other applications that act on behalf of a resource owner, too (internal, "first-party" and etc). Regards, Dima The OAuth 2.1 authorization framework enables a *third-party* application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth