[Openid-specs-ab] client secret

Breno de Medeiros breno at google.com
Thu Oct 13 18:54:36 UTC 2011


+1 for OAuth 2.0 spec compatibility.

On Thu, Oct 13, 2011 at 11:33, John Bradley <ve7jtb at ve7jtb.com> wrote:
> In Messages Sec 3.2
>
> We have extended the request for an access token to include a secret_type parameter.
> This indicates if client_secret is a JWT or shared secret.
>
> OAuth 2.0 Sec 2.3.2 states that the authentication method is established for the client at registration, and the token endpoint uses the registered method for the client identifier.
>
> Should we change this to be consistent with the OAuth 2.0 spec?  (I suspect so)
>
> It is potentially a breaking change for some implementations so it should be discussed.
>
> John



-- 
--Breno
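
An added example, not part of this thread or of any specification text: a token endpoint check that picks the client authentication method from the registration record, as the quoted message describes for OAuth 2.0 Sec 2.3.2, instead of from a request-supplied secret_type. The client registry, the method names `shared_secret` and `jwt`, and the use of HS256 for the JWT are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed registry: the authentication method is fixed per client at registration.
CLIENTS = {
    "client-a": {"auth_method": "shared_secret", "secret": b"s3cr3t-a"},
    "client-b": {"auth_method": "jwt", "secret": b"s3cr3t-b"},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (used here only to create sample input)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def _verify_hs256_jwt(token: str, key: bytes) -> bool:
    """Check the HS256 signature only; the header's alg value is never trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    mac = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(mac).encode(), parts[2].encode())

def authenticate_client(params: dict) -> bool:
    """Authenticate a token request using the method registered for client_id."""
    client = CLIENTS.get(params.get("client_id", ""))
    credential = params.get("client_secret")
    if client is None or not credential:
        return False
    # A request-supplied secret_type never selects the verifier. If it is
    # present and disagrees with the registered method, reject the request.
    requested = params.get("secret_type")
    if requested is not None and requested != client["auth_method"]:
        return False
    if client["auth_method"] == "jwt":
        return _verify_hs256_jwt(credential, client["secret"])
    return hmac.compare_digest(credential.encode(), client["secret"])
```
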

