Hi Sascha, The change you found in the draft 04 is the change made to the JAR (JWT Secured Authorization Request). Now, "client_id" is mandatory. I summarized technical details about JAR in the article below. It describes the reasons for the necessity of "client_id". PAR is mentioned there, too.
Implementer's note about JAR (JWT Secured Authorization Request) https://darutk.medium.com/implementers-note-about-jar-fff4cbd158fe Best Regards, Taka On Thu, Nov 5, 2020 at 11:33 AM Sascha Preibisch <saschapreibi...@gmail.com> wrote: > Hi all! > > A while ago I implemented draft 00 of this spec: > - https://tools.ietf.org/html/draft-ietf-oauth-par-04 > > Now, in draft 04, I see that a request to the /authorize endpoint is > defined with client_id and request_uri. The client_id was added since draft > 00 (see: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-4). > > I am not sure if 'client_id' is now required, that's all. > > Thanks for clarification, > > regards, > Sascha > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth