client_id is only required on the authorization endpoint, not the token endpoint. -18 cleaned up how the document talked about client authentication in general. So you should remove client_id from your draft and instead mention client authentication (if appropriate).
EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Brian Campbell > Sent: Monday, July 25, 2011 7:02 AM > To: oauth > Subject: [OAUTH-WG] treatment of client_id for authentication and > identification > > I need to revisit a question that came up about two months ago. I thought I > had a clear understanding of when client_id was and wasn't included in > access token requests but drafts 18/19 seemed to have changed things (or > my understanding of 16 was wrong). > > > The question is, when is client_id a required parameter on requests to the > token endpoint and when can/should it be omitted? > > In -16 I was under the impression that client_id was always to be included > even when using HTTP Basic or other means of authentication. > See http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-3.1 and > http://www.ietf.org/mail-archive/web/oauth/current/msg06328.html for > example. > > But the text and examples in -18/-19 would suggest that client_id is to be > omitted when using HTTP Basic. Text in > http://tools.ietf.org/html/draft-ietf-oauth-v2-19#section-2.4.1 and example > in http://tools.ietf.org/html/draft-ietf-oauth-v2-19#section-4.1.3 > > I don't have a strong preference for either direction but do feel it needs to > be more explicitly spelled out. Scenarios that should be accounted for are, > for both clients in possession of a client password and clients without, using > client_id/client_secret, using HTTP Basic and using other means of > authentication/identification. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
