Aaron / Emilia: Where in the document is it described what is passed in the authorization request? I know this is about the metadata document, but it is not clear how the AS gets the client_id -- is it the client_id or client_uri parameter?
It seems the URL is the client_id as the metadata document must have client_id be the URL, but then how is that related to the client_uri which is mentioned in 6.1? I would have expected this section: 6.1 Relationship between redirect_uris and client_id or client_uri to explain how these are related, but it only describes how the AS may constrain them. Separate point: when fetching the URL, are redirects allowed? /Dick On Sat, Sep 27, 2025 at 3:42 PM Dick Hardt <[email protected]> wrote: > I support adoption of this draft. > > On Mon, Sep 22, 2025 at 8:14 PM Rifaat Shekh-Yusef via Datatracker < > [email protected]> wrote: > >> >> Subject: Call for adoption: >> draft-parecki-oauth-client-id-metadata-document-03 (Ends 2025-10-06) >> >> This message starts a 2-week Call for Adoption for this document. >> >> Abstract: >> This specification defines a mechanism through which an OAuth client >> can identify itself to authorization servers, without prior dynamic >> client registration or other existing registration. This is through >> the usage of a URL as a client_id in an OAuth flow, where the URL >> refers to a document containing the necessary client metadata, >> enabling the authorization server to fetch the metadata about the >> client as needed. >> >> File can be retrieved from: >> >> https://datatracker.ietf.org/doc/draft-parecki-oauth-client-id-metadata-document/ >> >> Please reply to this message keeping [email protected] in copy by indicating >> whether you support or not the adoption of this draft as a WG document. >> Comments to motivate your preference are highly appreciated. >> >> Authors, and WG participants in general, are reminded of the Intellectual >> Property Rights (IPR) disclosure obligations described in BCP 79 [2]. >> Appropriate IPR disclosures required for full conformance with the >> provisions >> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. >> Sanctions available for application to violators of IETF IPR Policy can be >> found at [3]. >> >> Thank you. >> [1] https://datatracker.ietf.org/doc/bcp78/ >> [2] https://datatracker.ietf.org/doc/bcp79/ >> [3] https://datatracker.ietf.org/doc/rfc6701/ >> >> >> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
