[Openid-specs-ab] Declaring that the Client performs no Client Authentication

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Fri Nov 29 06:19:32 UTC 2013

That's a good idea. We currently use a blank field for such cases. Being
more explicit is good.


Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com

-------- Original Message --------
Subject: [Openid-specs-ab] Declaring that the Client performs no Client
From: Mike Jones <Michael.Jones at microsoft.com>
Date: Thu, November 28, 2013 2:17 am
To: "openid-specs-ab at lists.openid.net"
<openid-specs-ab at lists.openid.net>

  Justin proposed that we add the following to the set of Client
Authentication identifiers:
 The Client does not authenticate itself at the Token Endpoint, either
because it uses only the Implicit Flow (and so does not use the Token
Endpoint) or because it is a Public Client with no Client Secret or
other authentication mechanism.
 Any objections or proposed rewording?
                                                                 -- Mike
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net

More information about the Openid-specs-ab mailing list