On Thu, Jun 16, 2011 at 12:42 PM, Torsten Lodderstedt < [email protected]> wrote:
> -1 making client authentication required at the access token endpoint > > Client authentication is useful in some situations to raise the security > level. But requiring it will either keep out native apps or force there > developers to use useless/insecure secrets (I would call this "pseudo > security"). > Are you seriously arguing that including the phrase "notasecret" in the request would make native applications less secure?
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
