Any chance you can squeeze in support for the "Client Credentials" OAuth2 flow
before the 1.0 release? In your last message on this subject you mentioned something
about not having role assignments at the client level, but I didn't understand as it
seems this is already supported. Can you please explain further?
If this can't be done by the 1.0 release, then I suggest at least making the
"grant_type" parameter be required in the "grants/access" endpoint, to
be compliant with the OAuth spec and to set the foundation for future "Client
Credentials" flow support.