Thank you everyone for the feedback.
I am currently working on the sample text, and should be complete in
the next couple days. Apologies for the delay.
On Wed, Nov 7, 2018 at 12:51 AM Brian Campbell
wrote:
>
> Sure, I think they could be treated as different different
> client_auth_methods.
I understand better, thanks!
>From an OAuth perspective, this is a client credentials grant. You have
added some other checks that may or may not help the security profile, but
at the core, you have a private key on the device that is the primary
credential, and is device oriented.
FWIW: there