[Openid-specs-ab] client secret
Breno de Medeiros
breno at google.com
Thu Oct 13 18:54:36 UTC 2011
+1 for OAuth 2.0 spec compatibility.
On Thu, Oct 13, 2011 at 11:33, John Bradley <ve7jtb at ve7jtb.com> wrote:
> In Messages Sec 3.2
> We have extended the request for an access token to include a secret_type parameter.
> This indicates if client_secret is a JWT or shared secret.
> Oauth 2.0 Sec 2.3.2 states that the authentication method is established for the client at registration, and the token endpoint uses the registered method for the client identifier.
> Should we change this to be consistent with the OAuth 2.0 spec? (I suspect so)
> It is potentially a breaking change for some implementations so it should be discussed.
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
More information about the Openid-specs-ab