> Am 10.01.2020 um 16:53 schrieb John Bradley <[email protected]>: > > I think Torsten is speculating that is not a feature people use.
I’m still trying to understand the use case for merging signed and unsigned parameters. Nat once explained a use case, where a client uses parameters signed by a 3rd party (some „certification authority“) in combination with transaction-specific parameters. Is this being done in the wild? PS: PAR would work with both modes. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
