Re: [OAUTH-WG] oauth par - authorize request with client_id
Thank you, Taka! I will check out the referenced document. Regards, Sascha On Wed., Nov. 4, 2020, 19:15 Takahiko Kawasaki, wrote: > Hi Sascha, > > The change you found in the draft 04 is the change made to the JAR (JWT > Secured Authorization Request). Now, "client_id" is mandatory. I summarized > technical details about JAR in the article below. It describes the reasons > for the necessity of "client_id". PAR is mentioned there, too. > > Implementer's note about JAR (JWT Secured Authorization Request) > https://darutk.medium.com/implementers-note-about-jar-fff4cbd158fe > > Best Regards, > Taka > > On Thu, Nov 5, 2020 at 11:33 AM Sascha Preibisch < > saschapreibi...@gmail.com> wrote: > >> Hi all! >> >> A while ago I implemented draft 00 of this spec: >> - https://tools.ietf.org/html/draft-ietf-oauth-par-04 >> >> Now, in draft 04, I see that a request to the /authorize endpoint is >> defined with client_id and request_uri. The client_id was added since draft >> 00 (see: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-4). >> >> I am not sure if 'client_id' is now required, that's all. >> >> Thanks for clarification, >> >> regards, >> Sascha >> ___ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] oauth par - authorize request with client_id
Hi Sascha, The change you found in the draft 04 is the change made to the JAR (JWT Secured Authorization Request). Now, "client_id" is mandatory. I summarized technical details about JAR in the article below. It describes the reasons for the necessity of "client_id". PAR is mentioned there, too. Implementer's note about JAR (JWT Secured Authorization Request) https://darutk.medium.com/implementers-note-about-jar-fff4cbd158fe Best Regards, Taka On Thu, Nov 5, 2020 at 11:33 AM Sascha Preibisch wrote: > Hi all! > > A while ago I implemented draft 00 of this spec: > - https://tools.ietf.org/html/draft-ietf-oauth-par-04 > > Now, in draft 04, I see that a request to the /authorize endpoint is > defined with client_id and request_uri. The client_id was added since draft > 00 (see: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-4). > > I am not sure if 'client_id' is now required, that's all. > > Thanks for clarification, > > regards, > Sascha > ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
[OAUTH-WG] oauth par - authorize request with client_id
Hi all! A while ago I implemented draft 00 of this spec: - https://tools.ietf.org/html/draft-ietf-oauth-par-04 Now, in draft 04, I see that a request to the /authorize endpoint is defined with client_id and request_uri. The client_id was added since draft 00 (see: https://tools.ietf.org/html/draft-ietf-oauth-par-04#section-4). I am not sure if 'client_id' is now required, that's all. Thanks for clarification, regards, Sascha ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth