Some of the flows require/allow a client secret while others disallow it (when the client has no secure means to keep it secret). My question is, do you plan to issue different credentials for different flows (with or without secret) or allow the same set to be used, sometimes with and sometimes without a secret based on the flow?
EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
