How do you link the client_id using in the authorization endpoint with the client assertion using in the token endpoint?
EHL > -----Original Message----- > From: Brian Eaton [mailto:[email protected]] > Sent: Monday, July 26, 2010 3:51 PM > To: Eran Hammer-Lahav > Cc: Yaron Goland; [email protected] > Subject: Re: [OAUTH-WG] Proposed language for section 2.2 on Client > Assertions > > On Mon, Jul 26, 2010 at 2:08 PM, Eran Hammer-Lahav > <[email protected]> wrote: > > I understand that in many assertions, the client identifier is > > established internally, but this approach will completely prevent > > using the assertion client authentication method with other flows that > involve getting a code. > > I'm pretty sure that's exactly the opposite of what Yaron was trying to > achieve. > > client_id will continue to be passed on the authorization URL. > > No client_id will be passed on the token endpoint, because it's either > insecure, or not necessary. The assertion has to contain the client > identifier. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
