Hi Filip,

So I'm assuming client_id will be mandated as a query param in PAR as well?

Regards

On Tue, Jun 30, 2020 at 1:09 PM Filip Skokan <panva...@gmail.com> wrote:

> Hi Thiloshon,
>
> Not quite the way it went down but we have this addressed in a future PAR
> draft.
>
> Thank you ;)
>
> Filip
>
> Sent from iPhone
>
> On 30. 6. 2020 at 9:25, Thiloshon Nagarajah <thiloshon=
> 40wso2....@dmarc.ietf.org>:
>
> Hi All,
>
> In the OAuth JAR specification, client_id is a required query parameter of
> the authorisation call, in both *request* and *request_uri* flows [
> https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-23#section-5].
>
> But in the OAuth PAR specification, which is a complementary spec to JAR, it
> is specified "Clients are encouraged to use the request URI as the only
> parameter (in the authorisation call) in order to use the integrity and
> authenticity provided by the pushed authorization request." [
> https://tools.ietf.org/html/draft-ietf-oauth-par-01#section-4]
>
> Taking into account that both of these build upon the OAuth spec, which also
> mandates the client_id query param in the authorisation call, it seems like PAR
> is not compatible with the OAuth and JAR specs.
>
> Is this intentional? If it is, may I know the rationale behind this
> decision?
>
> Regards,
> --
> Thiloshon Nagarajah
> Software Engineer,
> Financial Solutions
> WSO2
> +94774209947
> <http://wso2.com/signature>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

-- 
Thiloshon Nagarajah
Software Engineer,
Financial Solutions
WSO2
+94774209947
<http://wso2.com/signature>