[Openid-specs-ab] [openid/connect] Registration - 2.2.1 client_secret should not be REQUIRED (issue #632)

Nat Sakimura issues-reply at bitbucket.org
Tue Jul 24 00:49:05 UTC 2012

--- you can reply above this line ---

New issue 632: Registration - 2.2.1 client_secret should not be REQUIRED

Nat Sakimura:

In the Response, currently it says: 

    REQUIRED. The Client secret. This MUST be unique for each client_id.

Since the client may be a public client, client_secret should not be REQUIRED. It is only REQUIRED if the client type is confidential. 

Note: If the client only uses implicit flow (such as self-issued), the client is a public client. 


This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.

More information about the Openid-specs-ab mailing list