There can't be any security requirements for the client_id - it serves to identify both public and confidential clients. It's only requirement be that it be a unique identifier (across public and confidential clients) in the domain of clients that the AS serves.
Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) [email protected] From: Antonio Tapiador del Dujo <[email protected]> To: "[email protected]" <[email protected]>, Date: 01/25/2013 09:09 AM Subject: [OAUTH-WG] Best practices on client_id Sent by: [email protected] Are there any recommendations for the authorization server when generating a client_id. Any security consideration? Should the client_id be a random string or it is save being just the database primary key? Kind regards. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
