Should we "update" RFC6749

[yaronf]

Sec. 4.2: if we're adding an error code (=behavior) to the Token endpoint, I guess the document should Update RFC6749. We're also removing a REQUIRED parameter, redirect_uri.

[aaronpk]

It's a common misconception that redirect_uri is a required parameter on the token endpoint. It's actually only required IF a redirect_uri was present in the authorization request, which it would not be in this specification.

[yaronf]

Fair enough (and my bad). But what about the new error code?