Document changelog that grant_type is now required

indieweb / indieauth

IndieAuth.net website code and IndieAuth Specification

52 stars 7 forks source link

Document changelog that grant_type is now required #61

Closed dshanske closed 3 years ago

dshanske commented 4 years ago

In the current living standard, grant_type is required by the authorization endpoint. In the prior version, it was not. This change needs to be documented due the fact it could be a breaking change.

Zegnat commented 3 years ago

I think this is wrong?

Maybe I am missing something, but I think grant_type has always been required. It was response_type that was optional (in the case of response_type=id) and that has been documented as part of the August 9th changes.

Am I misreading something?

dshanske commented 3 years ago

@Zegnat For the token endpoint, but not the authorization endpoint.

Zegnat commented 3 years ago

Ah, found it now @dshanske. Thanks! PR opened with fix.