Dots are legal in a client ID (as per the spec), and there’s nothing inherently wrong with a client ID that’s a domain name. However, how can you be sure it’s Google that gets the client ID “google.com <http://google.com/>”? And what if Google wants to have two clients?

In many implementations (including ours from MIT ITC), the client ID is random (we use a type 4 UUID) and we’ve got a separate field for human-readable names (client_name, defined in the dynamic registration specification).

 — Justin

> On Aug 29, 2016, at 12:51 AM, Viruthagiri Thirumavalavan
> <[email protected]> wrote:
>
> I'm working on an OAuth2 server project. Can I use domain name for generating
> client_id?
>
> Ex: For instance if Google registering an app in my server, then the
> client_id will be google.com <http://google.com/>
> Am I allowed to use dots in client_id? Is it wise to use domain name as
> client_id? What are the drawbacks?
>
> Thanks
> --
> Regards,
> Giri
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
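The following sketch illustrates the approach described in the reply above: the server issues a random type 4 UUID as the client ID and keeps the human-readable name in a separate client_name field. It is an added example, not code from the thread or from any implementation it mentions; the ClientRegistry class, its methods and the example.com redirect URIs are hypothetical.

```python
import uuid


class ClientRegistry:
    """Hypothetical in-memory client store, for illustration only."""

    def __init__(self):
        self._clients = {}  # client_id -> registered metadata

    def register(self, metadata):
        """Register a client. The server, not the caller, picks client_id."""
        name = metadata.get("client_name")
        if not isinstance(name, str) or not name.strip():
            raise ValueError("client_name must be a non-empty string")
        # Any client_id the caller supplied is ignored: the identifier is
        # random, so it cannot be guessed or claimed by choosing a name.
        client_id = str(uuid.uuid4())  # type 4 (random) UUID
        record = {
            "client_id": client_id,
            "client_name": name.strip(),  # display label, not proof of identity
            "redirect_uris": list(metadata.get("redirect_uris", [])),
        }
        self._clients[client_id] = record
        return dict(record)

    def lookup(self, client_id):
        """Authorization decisions key on client_id only."""
        return self._clients.get(client_id)

    def ids_for_name(self, name):
        """A name may map to any number of clients."""
        return sorted(cid for cid, rec in self._clients.items()
                      if rec["client_name"] == name)


def demo():
    """Constructed sample input: three registrations sharing one name."""
    reg = ClientRegistry()
    first = reg.register({"client_name": "google.com",
                          "redirect_uris": ["https://a.example.com/cb"]})
    second = reg.register({"client_name": "google.com",
                           "redirect_uris": ["https://b.example.com/cb"]})
    # This caller also tries to pick its own identifier; it is not honored.
    third = reg.register({"client_name": "google.com",
                          "client_id": "google.com",
                          "redirect_uris": ["https://c.example.com/cb"]})
    return reg, first, second, third


if __name__ == "__main__":
    registry, *clients = demo()
    for c in clients:
        print(c["client_id"], c["client_name"], c["redirect_uris"])
```
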
