in section 1.3 on the UX, I would suggest adding a paragraph that the client needs to be able to very clearly explain to the user if after the first authorization challenge endpoint request, the user needs to be authenticated again (for example in the browser). This kind of dynamic negotiation of user authentication is pretty new I think?
in section 1.3 on the UX, I would suggest adding a paragraph that the client needs to be able to very clearly explain to the user if after the first authorization challenge endpoint request, the user needs to be authenticated again (for example in the browser). This kind of dynamic negotiation of user authentication is pretty new I think?