[Openid-specs-ab] Declaring that the Client performs no Client Authentication

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Fri Nov 29 06:19:32 UTC 2013


That's a good idea. We currently use a blank field for such cases. Being
more explicit is good.

+1

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com



-------- Original Message --------
Subject: [Openid-specs-ab] Declaring that the Client performs no Client
Authentication
From: Mike Jones <Michael.Jones at microsoft.com>
Date: Thu, November 28, 2013 2:17 am
To: "openid-specs-ab at lists.openid.net"
<openid-specs-ab at lists.openid.net>

  Justin proposed that we add the following to the set of Client
Authentication identifiers:
  
 none
 The Client does not authenticate itself at the Token Endpoint, either
because it uses only the Implicit Flow (and so does not use the Token
Endpoint) or because it is a Public Client with no Client Secret or
other authentication mechanism.
  
 Any objections or proposed rewording?
  
                                                                 -- Mike
  
 
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list