Hi Brian,
Am 24.01.2014 um 22:37 schrieb Brian Campbell bcampb...@pingidentity.com:
Thanks Torsten,
The intent there definitely makes sense. Thanks for clarifying. And I had
sort of guessed that retaining the query component was what that reference
was trying to do. But a flat reading
Thanks Torsten,
The intent there definitely makes sense. Thanks for clarifying. And I had
sort of guessed that retaining the query component was what that reference
was trying to do. But a flat reading of the text doesn't convey that, I
don't think. I'd guess the answer is no but does this kind
Hi Brian,
this particular sentence is intended to specify the structure of the
revocation URL only. It refers to this text in RFC 6749:
The endpoint URI MAY include an application/x-www-form-urlencoded
formatted (per Appendix B) query component ([RFC3986] Section 3.4),
which MUST be
The second paragraph of section 2 of RFC 7009 [1] says that the revocation
endpoint must conform to the rules in section 3.1 of RFC 6749 (The OAuth
2.0 Authorization Framework) [2] but that section is about the
*Authorization Endpoint*, which doesn't make much sense to me. The resource
owner is