Yes, that is correct.

I'm working on new revisions of the drafts that will hopefully make that
point more clear.


On Thu, Mar 14, 2013 at 5:26 PM, Lewis Adam-CAL022 <
adam.le...@motorolasolutions.com> wrote:

>  Coming back to this … am I correct in that client_id is not required?  We 
> are implementing this spec and want to make sure that we are doing it right.  
> By my understanding the only two parameters that are required in the JWT 
> grant type are  "urn:ietf:params:oauth:grant-type:jwt-bearer"  and the 
> assertion.   Is this correct?****
>
> ** **
>
> ** **
>
> *From:* Mike Jones [mailto:michael.jo...@microsoft.com]
> *Sent:* Monday, February 18, 2013 6:58 PM
> *To:* Lewis Adam-CAL022; oauth@ietf.org WG
> *Subject:* RE: JWT grant_type and client_id****
>
> ** **
>
> The client_id value and the access token value are independent.****
>
> ** **
>
>                                                                 -- Mike***
> *
>
> ** **
>
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Lewis Adam-CAL022
> *Sent:* Monday, February 18, 2013 2:50 PM
> *To:* oauth@ietf.org WG
> *Subject:* [OAUTH-WG] JWT grant_type and client_id****
>
> ** **
>
> ** **
>
> Is there any guidance on the usage of client_id when using the JWT
> assertion profile as a grant type?  draft-ietf-oauth-jwt-bearer-04 makes no
> mention so I assume that it is not required … but it would be necessary if
> using in conjunction with a HOK profile where the JWT assertion is issued
> to – and may only be used by – the intended client.  Obviously this is
> straight forward enough, really I’m just looking to be sure that I’m not
> missing anything.****
>
> ** **
>
> tx****
>
> adam****
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to