Apply suggestions from code review

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
pull/977/head
Richard van der Hoff 5 years ago committed by GitHub
parent 7549b86192
commit ac982410b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -15,7 +15,7 @@ The definition of
authentication is incomplete. [OAuth2](https://oauth.net/2/) is best considered
as a framework for implementing authentication protocols rather than a protocol
in its own right, and this section says nothing about the grant types, flows
and scopes which a compliant implemenation should understand.
and scopes which a compliant implementation should understand.
A better candidate for OAuth2-based authentication of matrix clients is via
[OpenID Connect](https://openid.net/connect/), but this has already been
@ -27,7 +27,7 @@ and redundant. It should be removed from the specification to reduce confusion.
## Alternatives
It would be possible to extend the definition so that it is complete: as
mentioned above, a likely implemenation would be based on OpenID
mentioned above, a likely implementation would be based on OpenID
Connect. Matrix clients could then follow the standardised OpenID Connect flow
rather than the matrix-specific `m.login.sso` flow. However, this would require
significant design work, and development in both clients and servers, which

Loading…
Cancel
Save