Added to 2.4.1:
client_secret
REQUIRED. The client secret. The client MAY omit the parameter
if the client secret
is an empty string.
Added to 3.2.1:
A public client that was not issued a client password MAY use the
'client_id' request parameter to identify itself when sending
requests to the token endpoint.
EHL
> -----Original Message-----
> From: Brian Campbell [mailto:bcampb...@pingidentity.com]
> Sent: Thursday, July 28, 2011 12:11 PM
> To: Eran Hammer-Lahav
> Cc: Torsten Lodderstedt; oauth
> Subject: Re: [OAUTH-WG] treatment of client_id for authentication and
> identification
>
> I would be very much in favor of that addition/clarification.
>
> On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav
> <e...@hueniverse.com> wrote:
> >
> > [...] and I can also add a short note that public clients may use the
> > client_id for the purpose of identification with the token endpoint.
> > EHL
> >
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
