Replying to @aaronpk @oktadev
implicit is good to go ..query on password - If password flow is deprecated then how we achieve those use cases which this was addressing..like migration of legacy clients..which flow we can use for those use cases
1
If you're really using the password grant for migration, you can always define your own extension to enable that same migration. In our experience, most implementations did not use it for migrations, and instead made new implementations prompting the user for their password.
1
Replying to @aaronpk @oktadev
@aaronpk can you please publish your notes from the informal meeting?
1
They are here! oauth.net/events/2019-11-iet… Tho I suppose I should email that to the list as well.
1
2
This is misleading. The OAuth WG did not yet agree to do a 2.1 revision, and there's not yet a TxAuth working group. I want both of those things but it's not reality quite yet.
1
I can get it changed to say "a potential 2.1". What's the right term for the TX Auth group right now then? datatracker.ietf.org/wg/txau…
1