It already is in the new revision of JAR, PAR will follow it too. 

Technically though, since authorization requests can also use POST, it's not 
strictly a query string parameter; it may be contained in the request body too. 
Let’s call it authorization endpoint parameters and leave the “how it's 
transferred” mechanism out. 

Sent from iPhone

> On 30. 6. 2020 at 10:15, Thiloshon Nagarajah <[email protected]> wrote:
> 
> 
> Hi Filip,
> 
> So I'm assuming client_id will be mandated as a query param in PAR as well?
> 
> Regards 
> 
>> On Tue, Jun 30, 2020 at 1:09 PM Filip Skokan <[email protected]> wrote:
>> Hi Thiloshon,
>> 
>> Not quite the way it went down but we have this addressed in a future PAR 
>> draft. 
>> 
>> Thank you ;)
>> 
>> Filip
>> 
>> Sent from iPhone
>> 
>>> On 30. 6. 2020 at 9:25, Thiloshon Nagarajah 
>>> <[email protected]> wrote:
>>> 
>>> 
>>> Hi All,
>>> 
>>> In OAuth JAR specification, client_id is a required query parameter of 
>>> authorisation call, in both request and request_uri flows 
>>> [https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-23#section-5].
>>> 
>>> But in OAuth PAR specification, which is a complementary spec to JAR, it is 
>>> specified "Clients are encouraged to use the request URI as the only 
>>> parameter (in the authorisation call) in order to use the integrity and 
>>> authenticity provided by the pushed authorization request." 
>>> [https://tools.ietf.org/html/draft-ietf-oauth-par-01#section-4]
>>> 
>>> Taking into account these both are building upon OAuth spec, which also 
>>> mandates client_id query param in authorisation call, it seems like PAR is 
>>> not compatible with OAuth and JAR specs. 
>>> 
>>> Is this intentional? If it is may I know the rationale behind this 
>>> decision? 
>>> 
>>> Regards,
>>> -- 
>>> Thiloshon Nagarajah
>>> Software Engineer,
>>> Financial Solutions
>>> WSO2
>>> +94774209947
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> -- 
> Thiloshon Nagarajah
> Software Engineer,
> Financial Solutions
> WSO2
> +94774209947
> 
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
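
An added example, not part of the thread or of either specification's text: a sketch of an authorization endpoint that reads its parameters from the query string (GET) or the form body (POST) and requires client_id even when request_uri is present. The function names, the `PUSHED_REQUESTS` store and its sample entry are constructed, and binding each request_uri to the client that pushed it is an assumption of the example.

```python
from urllib.parse import parse_qs, urlsplit

FORM = "application/x-www-form-urlencoded"

# Constructed sample store (hypothetical): request_uri values handed out by the
# PAR endpoint, each mapped to the client_id that pushed the request.
PUSHED_REQUESTS = {"urn:example:request_uri:abc123": "client-a"}


class AuthzRequestError(ValueError):
    """The authorization request must be rejected."""


def authorization_params(method, url, body="", content_type=""):
    """Collect authorization endpoint parameters from a GET query or POST body."""
    if method == "GET":
        raw = urlsplit(url).query
    elif method == "POST" and content_type.split(";")[0].strip().lower() == FORM:
        raw = body  # simplification: a POST carries its parameters in the body only
    else:
        raise AuthzRequestError("unsupported method or content type")
    parsed = parse_qs(raw, keep_blank_values=True)
    # RFC 6749 section 3.1: request parameters must not appear more than once.
    repeated = sorted(name for name, values in parsed.items() if len(values) > 1)
    if repeated:
        raise AuthzRequestError("repeated parameter: " + ", ".join(repeated))
    return {name: values[0] for name, values in parsed.items()}


def validate_client(params, pushed=PUSHED_REQUESTS):
    """Require client_id and check it against the pushed request, if any."""
    client_id = params.get("client_id")
    if not client_id:
        raise AuthzRequestError("client_id is required")
    request_uri = params.get("request_uri")
    if request_uri is not None:
        owner = pushed.get(request_uri)
        if owner is None:
            raise AuthzRequestError("unknown request_uri")
        if owner != client_id:
            raise AuthzRequestError("request_uri belongs to another client")
    return client_id
```

The same two calls accept the parameters whether they arrive in the query string or the request body, which is the "authorization endpoint parameters" framing used in the reply above.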
