add a reference to CORS support on the token endpoint

oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs

https://oauth.net/2.1/

Other

53 stars 27 forks source link

Closed aaronpk closed 2 years ago

aaronpk commented 3 years ago

If the AS expects to be used by SPA clients it will need to support the necessary CORS headers. I think the best place to mention this is https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00#section-3.2

tlodderstedt commented 3 years ago

Section 11 would be an alternative

dickhardt commented 3 years ago

I agree with adding a reference