...
- Breaking changes:
- Changed the PUT method for the purpose of resource set creation at the authorization server, to POST. This had other rippling changes, such as removing the usage of If-Match, the precondition_failed error, ETag usage, and the privacy considerations warning about mapping real resource set names to obscured names that remove personally identifiable information.
- Changed the name of the policy_uri property to user_access_policy_uri to differentiate it from the OAuth property of (formerly) the same name
- Other changes of note:
- Clarified that user_access_policy_uri is allowed on Create, Read, and Update, and also now allow it on Delete and List too.
- Enhanced the Security Considerations section.
...