James,
Could you please clarify the last point (i.e., "cannot look like a
normal authentication protocol")? I simply don't understand what you mean.
With thanks,
Igor

Manger, James H wrote:
.... Adding client_id here is unnecessary (the server can include it
in the token if it is convenient for protected resources), and harmful
(it means the protocol that uses the credentials from the token
response cannot look like a normal authentication protocol).
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth