Hi Fletcher,
Actually we are not in the same case.
The /token endpoint is a protected ressource in regard to the client
application. The credentials are the client id and, in the case of confidential
clients, the client secret .
The OAuth 2.0 ressource is protected in regard to the user. The
Hi,
The draft Signing HTTP Messages
(https://tools.ietf.org/html/draft-cavage-http-signatures-09) could not meet
this requirement in a more generic way ?
Regards,
Louis
De : OAuth De la part de Brock Allen
Envoyé : dimanche 18 mars 2018 20:40
À : Torsten Lodderstedt