[Openid-specs-ab] client secret

John Bradley ve7jtb at ve7jtb.com
Thu Oct 13 18:33:47 UTC 2011


In Messages Sec 3.2

We have extended the request for an access token to include a secret_type parameter.  
This indicates if client_secret is a JWT or shared secret.

OAuth 2.0 Sec 2.3.2 states that the authentication method is established for the client at registration, and the token endpoint uses the registered method for the client identifier.

Should we change this to be consistent with the OAuth 2.0 spec?  (I suspect so)

It is potentially a breaking change for some implementations so it should be discussed.

John
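
The registration-driven behaviour that OAuth 2.0 Sec 2.3.2 describes, sketched as an added example that is not part of the original message or of either specification: the token endpoint picks the check from the client's registration and rejects a request whose secret_type disagrees with it. The registry contents, the method labels "shared" and "jwt", the HS256 JWT layout and the iss check are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed registry: the authentication method is fixed per client at
# registration. Labels "shared" and "jwt" are assumptions for this sketch.
REGISTRY = {
    "client-a": {"method": "shared", "key": b"s3cr3t-a"},
    "client-b": {"method": "jwt", "key": b"hmac-key-b"},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(key: bytes, claims: dict) -> str:
    """Build a compact HS256 JWT (used here only to create sample input)."""
    head = b64url(json.dumps({"alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_jwt(key: bytes, token: str, client_id: str) -> bool:
    """Check the HS256 signature and that iss names the client (no exp/aud here)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    good = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(good).encode(), parts[2].encode()):
        return False
    try:
        pad = "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(parts[1] + pad))
    except ValueError:
        return False
    return isinstance(claims, dict) and claims.get("iss") == client_id

def authenticate(params: dict) -> bool:
    """Authenticate a token request using the method registered for client_id."""
    reg = REGISTRY.get(params.get("client_id"))
    secret = params.get("client_secret")
    if reg is None or not isinstance(secret, str):
        return False
    # A request-supplied secret_type never selects the check; mismatch is rejected.
    if params.get("secret_type", reg["method"]) != reg["method"]:
        return False
    if reg["method"] == "jwt":
        return verify_jwt(reg["key"], secret, params["client_id"])
    return hmac.compare_digest(secret.encode(), reg["key"])
```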