It seems a CAPTCHA was added today, returning HTML instead of JSON immediately after the user clicks “Allow.” It is returned from the POST to https://www.dwolla.com/oauth/v2/token.
- Does this is conform to the OAuth2 spec? The response to the /oauth/v2/token should be returning JSON not HTML. This is breaking my integration.
- Shouldn’t the CAPTCHA be placed earlier in the workflow, like either before the user logs in, or before they click “Allow” ?
- Why was this change not announced anywhere?