I have had a couple reviewers comment whether this means client authentication is optional in Sec 3.12 for token refresh:
> * authentication of this client_id during token refresh, if > possible, and Do we not mean authentication of the client or some equivalent (e.g. looking at browser cookies). Phil Oracle Corporation, Cloud Security and Identity Architect @independentid www.independentid.com <http://www.independentid.com/>[email protected] <mailto:[email protected]>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
