Section 3.1.3 the final sentence notes the authorization data may be delivered as a text message or via a mobile app. This is inconsistent with the methods mentioned in the first paragraph, which includes email and text messages. I suggest being clear that these are example mechanisms and not a full list of mechanisms by which codes can be delivered.
PieterKas
commented
7 months ago
WCLC Feedback from Dean Saxe
https://mailarchive.ietf.org/arch/msg/oauth/T9XDSCqvVWPQAjDHjkH9iOQXsOo/