Certainly not. Are we discussing making client authentication required
just for syntactical purposes?
To me, "notasecret" logically means abandoning client authentication.
regards,
Torsten.
On 16.06.2011 21:46, Brian Eaton wrote:
> On Thu, Jun 16, 2011 at 12:42 PM, Torsten Lodderstedt
> <[email protected]> wrote:
>> -1 making client authentication required at the access token endpoint
>> Client authentication is useful in some situations to raise the
>> security level. But requiring it will either keep out native apps
>> or force their developers to use useless/insecure secrets (I would
>> call this "pseudo security").
> Are you seriously arguing that including the phrase "notasecret" in
> the request would make native applications less secure?
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth