Hmmm… what was the objective or use case for having the client being able to choose in the first place?
It seems to me that the AS will make a decision based on many factors. As you say, there isn't any other place that enumerates the various [authn] methods a client can use to access the token endpoint. So, why do it? Phil @independentid www.independentid.com phil.h...@oracle.com On 2013-04-24, at 2:07 PM, Justin Richer wrote: > Seems reasonable to me, can you suggest language to add in the capability? > Would it require an IANA registry? Right now there isn't any other place that > enumerates the various methods that a client can use to access the token > endpoint. > > -- Justin > > On 04/24/2013 04:17 PM, Phil Hunt wrote: >> For parameters to token_endpoint_auth_method, the spec has defined >> "client_secret_jwt" and "private_key_jwt". Shouldn't there be similar >> options of SAML? >> >> Shouldn't there be an extension point for other methods? >> >> Phil >> >> @independentid >> www.independentid.com >> phil.h...@oracle.com >> >> >> >> >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth