Is there any guidance on the usage of client_id when using the JWT assertion profile as a grant type? draft-ietf-oauth-jwt-bearer-04 makes no mention so I assume that it is not required ... but it would be necessary if using in conjunction with a HOK profile where the JWT assertion is issued to - and may only be used by - the intended client. Obviously this is straight forward enough, really I'm just looking to be sure that I'm not missing anything.
tx adam
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth