Thank you, Taka! I will check out the referenced document.
Regards, Sascha On Wed., Nov. 4, 2020, 19:15 Takahiko Kawasaki, <t...@authlete.com> wrote: > Hi Sascha, > > The change you found in the draft 04 is the change made to the JAR (JWT > Secured Authorization Request). Now, "client_id" is mandatory. I summarized > technical details about JAR in the article below. It describes the reasons > for the necessity of "client_id". PAR is mentioned there, too. > > Implementer's note about JAR (JWT Secured Authorization Request) > https://darutk.medium.com/implementers-note-about-jar-fff4cbd158fe > > Best Regards, > Taka > > On Thu, Nov 5, 2020 at 11:33 AM Sascha Preibisch < > saschapreibi...@gmail.com> wrote: > >> Hi all! >> >> A while ago I implemented draft 00 of this spec: >> - https://tools.ietf.org/html/draft-ietf-oauth-par-04 >> >> Now, in draft 04, I see that a request to the /authorize endpoint is >> defined with client_id and request_uri. The client_id was added since draft >> 00 (see: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-4). >> >> I am not sure if 'client_id' is now required, that's all. >> >> Thanks for clarification, >> >> regards, >> Sascha >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
