Hi Filip, So I'm assuming client_id will be mandated as a query param in PAR as well?
Regards On Tue, Jun 30, 2020 at 1:09 PM Filip Skokan <[email protected]> wrote: > Hi Thiloshon, > > Not quite the way it went down but we have this adressed in a future PAR > draft. > > Thank you ;) > > Filip > > Odesláno z iPhonu > > 30. 6. 2020 v 9:25, Thiloshon Nagarajah <thiloshon= > [email protected]>: > > > Hi All, > > In OAuth JAR specification, client_id is a required query parameter of > authorisation call, in both *request* and *request_uri* flows [ > https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-23#section-5]. > > But in OAuth PAR specification, which is a complimentary spec to JAR, it > is specified "Clients are encouraged to use the request URI as the only > parameter (in the authorisation call) in order to use the integrity and > authenticity provided by the pushed authorization request." [ > https://tools.ietf.org/html/draft-ietf-oauth-par-01#section-4] > > Taking into account these both are building upon OAuth spec, which also > mandates client_id query param in authorisation call, it seems like PAR > is not compatible with OAuth and JAR specs. > > Is this intentional? If it is may I know the rationale behind this > decision? > > Regards, > -- > Thiloshon Nagarajah > Software Engineer, > Financial Solutions > WSO2 > +94774209947 > <http://wso2.com/signature> > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > -- Thiloshon Nagarajah Software Engineer, Financial Solutions WSO2 +94774209947 <http://wso2.com/signature>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
