The points I pointed out in my review of -21 - that the document recommends simple password authentication (Resource Owner Password Credentials), and the misstatement of the ability to use more complex OAUTH schemes with command-line interfaces - do not appear to have changed between -21 and -23. Issue remains.