We have two authorization flows in OAuth 2 that we don't talk about. I think we want to allow for the client credentials and resource owner credentials flows to be supported. Mostly we just need to be careful not to do anything to preclude them. An action item needs to be taken to review the specs to look for any issues. John B.