aaronpk
commented
3 years ago I don't see anything in 7.4.5 that limits the use to the delegated authorization scenario so I'm not sure what would need to change.
Open aaronpk opened 3 years ago
aaronpk
commented
3 years ago I don't see anything in 7.4.5 that limits the use to the delegated authorization scenario so I'm not sure what would need to change.
From Vittorio:
§7.4.5
Along the same lines of the comments about delegated authorization earlier for §7.2.3. I think it would be useful to acknowledge here that ATs might carry, and RSs might expect, authorization information that go beyond the delegated authorization for 3rd party API case that is core to OAuth- and remind the reader that those mechanisms are out of scope for oauth hence they shouldn’t expect those aspects to be addressed/handled/regulated by this specification.