Yes that is reasonable. Sent from my iPhone
> On Jul 8, 2014, at 9:44 PM, "Richer, Justin P." <jric...@mitre.org> wrote: > > In draft -18, we clarified the optionality of the client metadata parameters > in ยง 2 with new text, including the sentences: > > The implementation and use of all client metadata fields is OPTIONAL, other > than "redirect_uris". > > redirect_uris (...) Authorization servers MUST implement support for this > metadata value. > > > However, since OAuth core defines two non-redirect flows (client credentials > and password) and we're about to publish another one (assertions), I suggest > that we adopt the following clarification: > > The implementation and use of all client metadata fields is OPTIONAL, other > than "redirect_uris" > which is REQUIRED for authorization servers that support redirect-based grant > types. > > Authorization servers that support dynamic registration of clients using > redirect-based > grant types MUST implement support for this metadata value. > > I think this language brings the requirement more in line with the intent and > would like comment from the WG. > > -- Justin > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
