Yes, that is correct. I'm working on new revisions of the drafts that will hopefully make that point more clear.
On Thu, Mar 14, 2013 at 5:26 PM, Lewis Adam-CAL022 < adam.le...@motorolasolutions.com> wrote: > Coming back to this … am I correct in that client_id is not required? We > are implementing this spec and want to make sure that we are doing it right. > By my understanding the only two parameters that are required in the JWT > grant type are "urn:ietf:params:oauth:grant-type:jwt-bearer" and the > assertion. Is this correct?**** > > ** ** > > ** ** > > *From:* Mike Jones [mailto:michael.jo...@microsoft.com] > *Sent:* Monday, February 18, 2013 6:58 PM > *To:* Lewis Adam-CAL022; oauth@ietf.org WG > *Subject:* RE: JWT grant_type and client_id**** > > ** ** > > The client_id value and the access token value are independent.**** > > ** ** > > -- Mike*** > * > > ** ** > > *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf > Of *Lewis Adam-CAL022 > *Sent:* Monday, February 18, 2013 2:50 PM > *To:* oauth@ietf.org WG > *Subject:* [OAUTH-WG] JWT grant_type and client_id**** > > ** ** > > ** ** > > Is there any guidance on the usage of client_id when using the JWT > assertion profile as a grant type? draft-ietf-oauth-jwt-bearer-04 makes no > mention so I assume that it is not required … but it would be necessary if > using in conjunction with a HOK profile where the JWT assertion is issued > to – and may only be used by – the intended client. Obviously this is > straight forward enough, really I’m just looking to be sure that I’m not > missing anything.**** > > ** ** > > tx**** > > adam**** > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth