Filip, Ok, thanks for the clarification.
Regards On Tue, Jun 30, 2020 at 3:31 PM Filip Skokan <panva...@gmail.com> wrote: > It already is in the new revision of JAR, PAR will follow it too. > > Technically tho, since authorization requests can also use POST its not > strictly a query string parameter, it may be contained in the request body > too. Let’s call it authorization endpoint parameters and leave the “how its > transferred” mechanism out. > > Odesláno z iPhonu > > 30. 6. 2020 v 10:15, Thiloshon Nagarajah <thilos...@wso2.com>: > > > Hi Filip, > > So I'm assuming client_id will be mandated as a query param in PAR as well? > > Regards > > On Tue, Jun 30, 2020 at 1:09 PM Filip Skokan <panva...@gmail.com> wrote: > >> Hi Thiloshon, >> >> Not quite the way it went down but we have this adressed in a future PAR >> draft. >> >> Thank you ;) >> >> Filip >> >> Odesláno z iPhonu >> >> 30. 6. 2020 v 9:25, Thiloshon Nagarajah <thiloshon= >> 40wso2....@dmarc.ietf.org>: >> >> >> Hi All, >> >> In OAuth JAR specification, client_id is a required query parameter of >> authorisation call, in both *request* and *request_uri* flows [ >> https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-23#section-5]. >> >> But in OAuth PAR specification, which is a complimentary spec to JAR, it >> is specified "Clients are encouraged to use the request URI as the only >> parameter (in the authorisation call) in order to use the integrity and >> authenticity provided by the pushed authorization request." [ >> https://tools.ietf.org/html/draft-ietf-oauth-par-01#section-4] >> >> Taking into account these both are building upon OAuth spec, which also >> mandates client_id query param in authorisation call, it seems like PAR >> is not compatible with OAuth and JAR specs. >> >> Is this intentional? If it is may I know the rationale behind this >> decision? >> >> Regards, >> -- >> Thiloshon Nagarajah >> Software Engineer, >> Financial Solutions >> WSO2 >> +94774209947 >> <http://wso2.com/signature> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> > > -- > Thiloshon Nagarajah > Software Engineer, > Financial Solutions > WSO2 > +94774209947 > <http://wso2.com/signature> > > -- Thiloshon Nagarajah Software Engineer, Financial Solutions WSO2 +94774209947 <http://wso2.com/signature>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth