<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Actually come to think of it, why wouldn't a client be able to do
    both client_secret_basic and client_secret_post to a server that
    supports them? It's the same info presented in *almost* the same
    way. <br>
    <br>
    This combination may be the exceptional case, though, as the other
    types (client_secret_jwt, private_key_jwt, or even "none" that OIDC
    hasn't adopted yet) aren't particularly mutually compatible. <br>
    <br>
     -- Justin<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 01/23/2013 10:53 AM, Justin Richer
      wrote:<br>
    </div>
    <blockquote cite="mid:MLQM-20130123111640496-8525@mlite.mitre.org"
      type="cite">
      OK, thanks for catching that. I'll file a bug against OAuth2
      Dynreg as well (which has the same examples). John is right that
      it is defined as a single value and the examples are off.<br>
      <br>
       -- Justin<br>
      <br>
      <div class="moz-cite-prefix">On 01/23/2013 10:03 AM, Mike Jones
        wrote:<br>
      </div>
      <blockquote
cite="mid:4E1F6AAD24975D4BA5B168042967394366A742BE@TK5EX14MBXC283.redmond.corp.microsoft.com"
        type="cite">
        <div class="WordSection1">
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">That’s

              what I thought.  Thanks for confirming.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">                                                           

              -- Mike<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
          <div>
            <div style="border:none;border-top:solid #B5C4DF
              1.0pt;padding:3.0pt 0in 0in 0in">
              <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
                  John Bradley [<a moz-do-not-send="true"
                    class="moz-txt-link-freetext"
                    href="mailto:ve7jtb@ve7jtb.com">mailto:ve7jtb@ve7jtb.com</a>]
                  <br>
                  <b>Sent:</b> Wednesday, January 23, 2013 7:02 AM<br>
                  <b>To:</b> Mike Jones<br>
                  <b>Cc:</b> <a moz-do-not-send="true"
                    class="moz-txt-link-abbreviated"
                    href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
                  <b>Subject:</b> Re: [Openid-specs-ab]
                  token_endpoint_auth_method Registration example error?<o:p></o:p></span></p>
            </div>
          </div>
          <p class="MsoNormal"><o:p> </o:p></p>
          <p class="MsoNormal">The server may support multiple methods,
            but the client MUST only register one, so it shouldn't be
            multi value for simplicity.<o:p></o:p></p>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">If you need two auth methods they
              should be different client_id.<o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">This is intended mostly to enhance
              security and prevent a server from taking
              client_secret_basic from an attacker when the real client
              is using private_key_jwt.<o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <div>
            <p class="MsoNormal">John B.<o:p></o:p></p>
          </div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
            <div>
              <div>
                <p class="MsoNormal">On 2013-01-23, at 9:07 AM, Mike
                  Jones &lt;<a moz-do-not-send="true"
                    href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>&gt;
                  wrote:<o:p></o:p></p>
              </div>
              <p class="MsoNormal"><br>
                <br>
                <o:p></o:p></p>
              <div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Registration

                      contains the following definition:<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif""
                      lang="EN">token_endpoint_auth_method</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
                </div>
                <div style="margin-left:.5in">
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">OPTIONAL. Requested authentication
                      method for the Token Endpoint. The options are<span
                        class="apple-converted-space"> </span></span><tt><span
                        style="color:#003366" lang="EN">client_secret_post</span></tt><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">,<span class="apple-converted-space"> </span></span><tt><span
                        style="color:#003366" lang="EN">client_secret_basic</span></tt><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">,<span class="apple-converted-space"> </span></span><tt><span
                        style="color:#003366" lang="EN">client_secret_jwt</span></tt><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">, and<span class="apple-converted-space"> </span></span><tt><span
                        style="color:#003366" lang="EN">private_key_jwt</span></tt><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">, as described in Section 2.2.1 of
                      [OpenID.Messages]. Other Authentication methods
                      may be defined by extension. If unspecified or
                      omitted, the default is<span
                        class="apple-converted-space"> </span></span><tt><span
                        style="color:#003366" lang="EN">client_secret_basic</span></tt><span
                      class="apple-converted-space"><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                        lang="EN"> </span></span><span
style="font-size:11.0pt;font-family:'Verdana','sans-serif'"
                      lang="EN">HTTP Basic Authentication Scheme as
                      specified in Section 2.3.1 of [RFC6749].</span><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif'"><o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">It

                      later uses “token_endpoint_auth_method” in two
                      example result values in this manner:<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal" style="background:#CCCCCC"><span
                      style="font-family:'Courier New'"
                      lang="EN">"token_endpoint_auth_method":</span><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif'"><o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal" style="background:#CCCCCC"><span
                      style="font-family:'Courier New'"
                      lang="EN">   "client_secret_basic
                      client_secret_post",</span><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif'"><o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This

                      looks like a bug to me, since the string appears
                      to be trying to contain multiple values.<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Thus,

                      I’m changing the string used to just<span
                        class="apple-converted-space"> </span></span><span
                      style="font-family:"Courier New""
                      lang="EN">"client_secret_basic"</span><span
                      class="apple-converted-space"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">to


                      make the example correct.  But I thought I’d point
                      this out in case the example may have been
                      intentional in some manner.<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif"">                                                           

                      -- Mike<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
                </div>
                <p class="MsoNormal"><span
style="font-size:13.5pt;font-family:"Helvetica","sans-serif"">_______________________________________________<br>
                    Openid-specs-ab mailing list<br>
                    <a moz-do-not-send="true"
                      href="mailto:Openid-specs-ab@lists.openid.net"><span
                        style="color:purple">Openid-specs-ab@lists.openid.net</span></a><br>
                    <a moz-do-not-send="true"
                      href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"><span
                        style="color:purple">http://lists.openid.net/mailman/listinfo/openid-specs-ab</span></a><o:p></o:p></span></p>
              </div>
            </div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
        </div>
      </blockquote>
    </blockquote>
    <br>
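    <p>Added example, not part of the original thread and not code from
    any OpenID implementation: a sketch of how a token endpoint can
    enforce the single registered token_endpoint_auth_method discussed
    above, so that client_secret_basic is refused for a client
    registered as private_key_jwt. The function names and the sample
    client metadata are assumptions; verifying the credential itself is
    out of scope here.</p>

```python
import base64, json

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
METHODS = {"client_secret_post", "client_secret_basic",
           "client_secret_jwt", "private_key_jwt"}

def registered_method(metadata):
    """Validate registration metadata: the value is exactly one method."""
    value = metadata.get("token_endpoint_auth_method", "client_secret_basic")
    # A space-separated string or a list is not a single method.
    if not isinstance(value, str) or value not in METHODS:
        raise ValueError("not a single supported method: %r" % (value,))
    return value

def jwt_method(assertion):
    """Classify a client assertion by the alg in its unverified header."""
    try:
        seg = assertion.split(".")[0]
        header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
        alg = str(header["alg"])
    except (ValueError, KeyError, TypeError):
        return "invalid_assertion"
    if alg == "none":
        return "invalid_assertion"
    return "client_secret_jwt" if alg.startswith("HS") else "private_key_jwt"

def presented(headers, form):
    """Every client authentication mechanism visible in one token request."""
    seen = []
    if headers.get("Authorization", "").lower().startswith("basic "):
        seen.append("client_secret_basic")
    if "client_secret" in form:
        seen.append("client_secret_post")
    if form.get("client_assertion_type") == JWT_BEARER:
        seen.append(jwt_method(form.get("client_assertion", "")))
    return seen

def select_method(metadata, headers, form):
    """Return the method to verify, or raise if it is not the registered one."""
    expected = registered_method(metadata)
    seen = presented(headers, form)
    if seen != [expected]:  # wrong method, no method, or several at once
        raise PermissionError("registered %s, got %s" % (expected, seen))
    return expected

# Constructed sample data (hypothetical client, not from the thread).
CLIENT = {"token_endpoint_auth_method": "private_key_jwt"}
BASIC_ONLY = {"Authorization": "Basic " + base64.b64encode(b"client-1:guess").decode()}
```

    <p>Calling select_method(CLIENT, BASIC_ONLY, {}) raises
    PermissionError, which is the downgrade the single-value rule is
    meant to prevent.</p>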
  </body>
</html>