Open yaronf opened 6 months ago
It's a common misconception that redirect_uri
is a required parameter on the token endpoint. It's actually only required IF a redirect_uri
was present in the authorization request, which it would not be in this specification.
Fair enough (and my bad). But what about the new error code?
Sec. 4.2: if we're adding an error code (=behavior) to the Token endpoint, I guess the document should Update RFC6749. We're also removing a REQUIRED parameter,
redirect_uri
.