Yeah, we definitely didn't intend for it to be exclusive to the token endpoint. I think the text kinda came out that way as an artifact of the way some of these specs are layered and when they were written as well as some assumptions on my part that it would be understood that this client authentication could be applicable to the other places OAuth client authentication is used. We will clarify things in the next draft.
On Mon, Aug 7, 2017 at 10:28 AM, John Bradley <ve7...@ve7jtb.com> wrote: > Good point, I don’t think we intended it to be exclusive to the token > endpoint. It is another client auth method and should work those other > places as well. I will need to look at the other specs to see how they > incorporate client auth methods. > > Thanks > John B. > > > On Aug 7, 2017, at 11:17 AM, Vladimir Dzhuvinov <vladi...@connect2id.com> > wrote: > > > > I just noticed that the spec is very explicit on the MTLS auth method > > being used for the token endpoint, but it could also work with other > > endpoints, e.g. RFC 7009 (revocation), 7662 (intospection). > > > > Were there any talks about that? > > > > Vladimir > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- *CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.*
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth