Added to 2.4.1: client_secret REQUIRED. The client secret. The client MAY omit the parameter if the client secret is an empty string.
Added to 3.2.1: A public client that was not issued a client password MAY use the 'client_id' request parameter to identify itself when sending requests to the token endpoint. EHL > -----Original Message----- > From: Brian Campbell [mailto:bcampb...@pingidentity.com] > Sent: Thursday, July 28, 2011 12:11 PM > To: Eran Hammer-Lahav > Cc: Torsten Lodderstedt; oauth > Subject: Re: [OAUTH-WG] treatment of client_id for authentication and > identification > > I would be very much in favor of that addition/clarification. > > On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav > <e...@hueniverse.com> wrote: > > > > [...] and I can also add a short note that public clients may use the > > client_id for the purpose of identification with the token endpoint. > > EHL > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth