Make the /verify endpoint accept a token instead of client creds

Open tvh opened this issue 9 years ago • 1 comment

This would mean fewer evaluations of scrypt and less handling of the credentials themselves.

tvh, Jul 07 '15 00:07

Relevant sections here: https://tools.ietf.org/html/rfc6749#section-2.1 https://tools.ietf.org/html/rfc6749#section-4.4

In particular, "The client credentials grant type MUST only be used by confidential clients."

tvh, Jul 16 '15 07:07