Hi Thiloshon,

Not quite the way it went down but we have this addressed in a future PAR draft.

Thank you ;)

Filip

Sent from iPhone

> On 30. 6. 2020 at 9:25, Thiloshon Nagarajah <[email protected]> wrote:
>
> Hi All,
>
> In OAuth JAR specification, client_id is a required query parameter of
> authorisation call, in both request and request_uri flows
> [https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-23#section-5].
>
> But in OAuth PAR specification, which is a complementary spec to JAR, it is
> specified "Clients are encouraged to use the request URI as the only
> parameter (in the authorisation call) in order to use the integrity and
> authenticity provided by the pushed authorization request."
> [https://tools.ietf.org/html/draft-ietf-oauth-par-01#section-4]
>
> Taking into account these both are building upon OAuth spec, which also
> mandates client_id query param in authorisation call, it seems like PAR is
> not compatible with OAuth and JAR specs.
>
> Is this intentional? If it is, may I know the rationale behind this decision?
>
> Regards,
> --
> Thiloshon Nagarajah
> Software Engineer,
> Financial Solutions
> WSO2
> +94774209947
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
