Hello
There are some unclear parts in OAuth 2.0 specification.
*1.* In 4.3. (B) there is following statement:
When making the request, the client
authenticates with the authorization server.
In 4.3.2 there is following statement:
If the client type is confidential or the client was i
On Fri, Aug 30, 2013 at 3:41 PM, Martin Ždila wrote:
> Hello
>
> There are some unclear parts in OAuth 2.0 specification.
>
> *1.* In 4.3. (B) there is following statement:
>
>When making the request, the client
>authenticates with the authorization server.
>
>
> In 4.3.2 there is followin
Think that there are three different types of clients: confidential;
public; and anonymous (my term).
Confidential: id and secret;
Public: id only;
Anonymous: no credentials;
You provide the type of credentials that you can, and the protected
endpoint will accept or reject based on the operatio
