You want the client_id on each API request? Put it in the token or make it part of your API. The token is opaque for a reason.
On Wed, Dec 15, 2010 at 12:22 PM, Paul Walker <pjwal...@gmail.com> wrote: > > What is the reasoning behind the lack of a client_id parameter in requests to > protected resources? Could it not add value if a resource server wanted to > provide IP white-lisitng (in a server to server scenario), in that the > resource server would not have to decrypt/look up the client before denying > the request? Also, it would alleviate the need to create provider wide > unique access token values. There is probably some security reasoning behind > this that I don't understand...can someone kindly inform me? :-). > > Thanks, > ~pj > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Paul Lindner -- lind...@inuus.com -- linkedin.com/in/plindner _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
