You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jul 6, 2020. It is now read-only.
Section 3.1 of draft 09 states that an Authorization Response contains an OPTIONAL scope parameter. However, we propose the following change to that parameter’s text:
scope
REQUIRED if it has been passed in the authorization request, otherwise OPTIONAL.
This parameter delimits the scope of the access token as an unordered list of
space-delimited strings, each adding an additional access range to the requested
scope.
The value of the "scope" parameter is defined by the authorization server and
MUST take into account the "scope" requested in the authorization request by setting the
authorization response "scope" parameter to the values to which the token grants access.
Furthermore, the authorization server can add any other values deemed necessary
to determine response scope.